Proactive Defenses Against DDoS and Worm Attacks
Harnessing the Power of Power-Law Topology for Scalable Network Security

Kihong Park (PI), Hyojeong Kim, Ali Selcuk, Bhagya Bethala, Humayun Khan, Wonjun Lee
Network Systems Lab, Department of Computer Sciences, Purdue University

Internet Power-Law Topology
"A few are connected to many, many are connected to a few."
→ facilitates strategic & economic filter deployment

Proactive protection: prevent attacks from imparting harm in the first place
Reactive protection: respond to, attribute, and contain new and non-preventable attacks

Objective
→ new approach: distributed packet filtering (DPF)
→ proactive & reactive filtering

DDoS Attack Protection
→ DPF: route-based filtering, "unde venis?" ("where do you come from?")
→ Internet AS measurement data: NLANR (1997-2002), CAIDA, RIPE, USC/ISI, UMich
[Figure: attack containment with DPF vs. without DPF; victim and attacker counts (low, med, high) against filter density (low, med, high)]
→ 4% deployment achieves significant protection: containment & traceback

Worm Attack Protection
→ DPF: content-based filtering
[Figure: infection dynamics, percolation threshold, critical filter density]

Tools: Large-Scale Simulation & Prototype System Building

Simulator: parallel network simulation
→ workstation cluster
[Figure: simulator architecture on the DaSSF kernel with MPI; DML protocol stack (link layer, DPF lookup, IP, TCP, UDP, socket API, BGP, DPF update, applications); Meta-DML configuration of topology, protocol stack, attack configuration, network partition and dynamic DPF]
_ 12,500+ node networks
_ {attackers, traffic generators, fault generators, …}
_ traffic models: CBR, Poisson, self-similar, MMPP, file transfer
_ Failure model
_ Power-law partitioning
_ Meta-DML configuration
_ Trace-driven visualization

Network Processor Prototyping: Intel IXP1200 network processor
_ 7-node IXP1200 NP testbed
_ DPF implementation & evaluation
_ Teja development environment
_ System measurement
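As an added illustration of the route-based DPF idea described above (example code, not from the poster or the lab), assume a constructed ten-node tree topology in which the single hub node acts as the filter: each filter derives from routing which source addresses can legitimately arrive over each of its incoming links, drops packets whose claimed source violates that table, and the coverage function measures how many (attacker, spoofed source) pairs are contained before reaching the victim.

```python
from collections import deque
from itertools import product

# Constructed toy AS-level topology (an assumption, not the poster's measurement data):
# node 0 is a high-degree hub, as in a power-law graph; the others are low-degree stubs.
EDGES = [(0, 1), (0, 2), (0, 3), (0, 4), (1, 5), (2, 6), (3, 7), (4, 8), (5, 9)]
GRAPH = {}
for _a, _b in EDGES:
    GRAPH.setdefault(_a, set()).add(_b)
    GRAPH.setdefault(_b, set()).add(_a)

def route(g, src, dst):
    """Shortest-path (BFS) route, standing in for the AS-level forwarding path."""
    prev, q = {src: None}, deque([src])
    while q and dst not in prev:
        n = q.popleft()
        for m in sorted(g[n] - set(prev)):
            prev[m] = n
            q.append(m)
    path = [dst]
    while prev[path[-1]] is not None:
        path.append(prev[path[-1]])
    return path[::-1]

def build_filter_tables(g, filters):
    """Route-based DPF: for each incoming link of a filter node, the set of source
    addresses that the routing can legitimately deliver over that link."""
    allowed = {}
    for s, d in product(g, repeat=2):
        p = route(g, s, d)
        for u, v in zip(p, p[1:]):
            if v in filters:
                allowed.setdefault((u, v), set()).add(s)
    return allowed

def forward(g, allowed, attacker, spoofed_src, victim):
    """Forward a packet from attacker that claims spoofed_src toward victim.
    Returns the filter node that drops it, or None if it reaches the victim."""
    p = route(g, attacker, victim)
    for u, v in zip(p, p[1:]):
        if (u, v) in allowed and spoofed_src not in allowed[(u, v)]:
            return v
    return None

def spoof_coverage(g, allowed, victim):
    """Fraction of (attacker, spoofed source) pairs dropped before reaching victim."""
    pairs = [(a, s) for a in g for s in g if a != victim and s != a]
    return sum(forward(g, allowed, a, s, victim) is not None for a, s in pairs) / len(pairs)
```

Spoofing a source that shares the attacker's own incoming link at the filter still passes, which is the granularity limit of route-based filtering that the traceback part of the poster addresses.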