University of Twente Student Theses
Automatic Generation of Access Control List on Mellanox Switch For DDoS Attack Mitigation Using DDoS Fingerprints
Sridhar Bangalore Venugopal (2019) Automatic Generation of Access Control List on Mellanox Switch For DDoS Attack Mitigation Using DDoS Fingerprints.
Abstract: | A Distributed Denial of Service (DDoS) is an attack that sends a large amount of network traffic intending to disrupt online services. A successful DDoS attack can cause significant impact in terms of financial damage and brand reputation. In 2018, Arbor security reported that forty percent of medium-sized organizations protected by them were under frequent DDoS attacks. There are two main techniques to detect and mitigate DDoS attacks: signature-based detection and anomaly-based detection. The former is more specific and efficient in detecting known attacks, while the latter is more generic and capable of detecting new attacks. There are also solutions that combine these two techniques, called hybrid-based. The problem addressed in this thesis is that, in the literature, there is no knowledge transfer from anomaly-based to signature-based solutions. In other words, attacks detected by the anomaly-based solutions are not used for improving the signature-based ones (which are known to be faster). This type of improvement is suitable for attacks that happen frequently, for example, attacks performed by a botnet campaign. Our methodology relies on the following steps (after an attack is detected by the anomaly-based solution): (1) we collect enough samples of attack data, (2) summarize this attack data (called a DDoS attack fingerprint), and (3) convert this attack summary into a signature-based solution. We used more than 200 actual attack traces to discover the minimum amount of data that contains enough attack information. Then, we propose an algorithm to automatically convert this attack information into an Access Control List (ACL) on a Mellanox switch (in a production network). Our results show that the attack mitigation was successful through ACLs, but the addition of legitimate IP addresses needs to be minimized. Also, for a few attacks the source IP addresses were not reduced, because they were widely distributed, and for attacks with a greater number of source IP addresses the reduction was bigger. This research was performed at Nationale beheersorganisatie internet providers (NBIP) and some of our choices are in line with NBIP. |
Item Type: | Essay (Master) |
Clients: | NBIP, Ede, The Netherlands |
Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
Subject: | 54 computer science |
Programme: | Computer Science MSc (60300) |
Link to this item: | https://purl.utwente.nl/essays/80079 |