1
EFFECTIVE DISTILLATION IS THE KEY WHEN AN ATTACK TAKES PLACE: Typical Automated Method Prolexic Human Mitigation Method RAW DATA AUTO ANALYSIS HUMAN MITIGATION (THE MISSING INGREDIENT) RAW DATA AUTO ANALYSIS CHEERS! OUTCOME: Ineffective distillation Leads to murky results and an unclear fingerprint OUTCOME: Potent distillation This crucial extra step leads to clear and effective results with a highly identifiable fingerprint Conclusion: That’s why we need human DDoS mitigators The Problem: • There is a gap between what automated data analytics can do and what malicious attackers can do live behind their botnets • Automatic decision making equipment is prone to false positives The Goal: • Make all incoming attack data useful to humans COMPARE THESE 2 METHODS Hundreds of millions of data points pour into a DDoS mitigation platform in real-time Use automated rules and human attack mitigation techniques to allow good traffic through and block bad traffic Analyze data to detect anomalies and malicious traffic Store billions of traffic and attack data metrics in the cloud ? ? ? ? ? ? ? ? ? ? ? ? 1101010001010100011 0100110101001110011 1010011010101001100 1010100110010100101 1010010101010100101 0100101010011100010 1010100101001110101

Fingerprinting a DDoS Attack

Embed Size (px)

Citation preview

Page 1: Fingerprinting a DDoS Attack

EFFECTIVE DISTILLATION IS THE KEYWHEN AN ATTACK TAKES PLACE:

Typical Automated Method

Prolexic Human Mitigation Method

RAWDATA

AUTOANALYSIS

HUMANMITIGATION(THE MISSINGINGREDIENT)

RAWDATA

AUTOANALYSIS

CHEERS!

OUTCOME:Ineffective distillation Leads to murky results and an unclear fingerprint

OUTCOME:Potent distillation This crucial extra step leads to clear and effective results with a highly identifiable fingerprintConclusion:

• That’s why we need human DDoS mitigators

The Problem:• There is a gap between what automated data

analytics can do and what malicious attackers can do live behind their botnets

• Automatic decision making equipment is prone to false positives

The Goal:• Make all incoming attack data useful to humans

COMPARE THESE 2 METHODS

Hundreds of millions of data points pour into

a DDoS mitigation platform in real-time

Use automated rules and human attack

mitigation techniques to allow good traffic through and block

bad traffic

Analyze data to detect anomalies and

malicious traffic

Store billions of traffic and attack data

metrics in the cloud

?????

??

?

???

?

101101010001010100011010100110101001110011101010011010101001100101010100110010100101101010010101010100101010100101010011100010101010100101001110101

Ddos ve bootnet Attack

Ddos ve bootnet Attack

Documents
Attack Profiling for Ddos - Thesis

Attack Profiling for Ddos - Thesis

Documents
Statistical Application Fingerprinting for DDoS Attack Mitigation · 2019-12-26 · AHMED et al.: STATISTICAL APPLICATION FINGERPRINTING FOR DDoS ATTACK MITIGATION 1473 and generalized

Statistical Application Fingerprinting for DDoS Attack Mitigation · 2019-12-26 · AHMED et al.: STATISTICAL APPLICATION FINGERPRINTING FOR DDoS ATTACK MITIGATION 1473 and generalized

Documents
21984417 DDOS Attack Tools

21984417 DDOS Attack Tools

Documents
26. a Taxonomy of Ddos Attack and Ddos Defense Mechanisms

26. a Taxonomy of Ddos Attack and Ddos Defense Mechanisms

Documents
How to Mitigate DDoS Attack?

How to Mitigate DDoS Attack?

Technology
Breaking the DDoS Attack Chain

Breaking the DDoS Attack Chain

Documents
Surviving a DDOS Attack

Surviving a DDOS Attack

Technology
DDOS Attack Tools

DDOS Attack Tools

Documents
DDoS Attack in Cloud Computing

DDoS Attack in Cloud Computing

Documents
Attack Spotlight: Multi-vector DDoS Attacks

Attack Spotlight: Multi-vector DDoS Attacks

Technology
DDoS Attack Traceback and Beyond

DDoS Attack Traceback and Beyond

Documents
DDOS ATTACK DETECTION IN TELECOMMUNICATION NETWORK …

DDOS ATTACK DETECTION IN TELECOMMUNICATION NETWORK …

Documents
DDOS WEAPONS & ATTACK VECTORS - A10 Networks

DDOS WEAPONS & ATTACK VECTORS - A10 Networks

Documents
Lecture 29: Bots, Botnets, DDoS Attacks, and DDoS Attack ...Delivery Networks (CDN) for DDoS Attack Mitigation 29.7.2 DDoS Attack Mitigation with Manual 65 Reconfiguration of BGP

Lecture 29: Bots, Botnets, DDoS Attacks, and DDoS Attack ...Delivery Networks (CDN) for DDoS Attack Mitigation 29.7.2 DDoS Attack Mitigation with Manual 65 Reconfiguration of BGP

Documents
Q3 2013 Global DDoS Attack Report

Q3 2013 Global DDoS Attack Report

Technology
ICMPv6 ECHO REQUEST DDoS ATTACK DETECTION FRAMEWORK …eprints.usm.my › 31820 › 1 › REDHWAN_MOHAMMED_AHMED_SAAD... · ICMPv6 ECHO REQUEST DDoS ATTACK DETECTION FRAMEWORK USING

ICMPv6 ECHO REQUEST DDoS ATTACK DETECTION FRAMEWORK …eprints.usm.my › 31820 › 1 › REDHWAN_MOHAMMED_AHMED_SAAD... · ICMPv6 ECHO REQUEST DDoS ATTACK DETECTION FRAMEWORK USING

Documents
DDoS Attack Preparation and Mitigation

DDoS Attack Preparation and Mitigation

Technology
Mitigating DDoS attack leveraging AWS environment

Mitigating DDoS attack leveraging AWS environment

Technology
SNMP Reflected Amplification DDoS Attack Mitigation

SNMP Reflected Amplification DDoS Attack Mitigation

Documents
DDoS Attack

DDoS Attack

Documents
(D)DOS DEMYSTIFIED - OARnet...DDoS Attack Customers DDoS Attack Volumetric Protection Cloud ISPa ISPb L3-4 DDoS mitigation DDoS Platform DDoS Platform L7 DDoS mitigation SSL Termination

(D)DOS DEMYSTIFIED - OARnet...DDoS Attack Customers DDoS Attack Volumetric Protection Cloud ISPa ISPb L3-4 DDoS mitigation DDoS Platform DDoS Platform L7 DDoS mitigation SSL Termination

Documents
A Taxonomy of DDoS Attack and DDoS Defense Mechanisms

A Taxonomy of DDoS Attack and DDoS Defense Mechanisms

Documents
Protecting Web Services from DDOS Attack

Protecting Web Services from DDOS Attack

Investor Relations
Ddos attack with_tcp_syn_flooding

Ddos attack with_tcp_syn_flooding

Documents
ATLAS Q3 2014 DDoS Attack Trends

ATLAS Q3 2014 DDoS Attack Trends

Technology
Under DDoS Attack?

Under DDoS Attack?

Education
DDoS ATTACK HANDBOOK - Allot

DDoS ATTACK HANDBOOK - Allot

Documents
Radware DoS / DDoS Attack Mitigation System

Radware DoS / DDoS Attack Mitigation System

Documents
Ddos attack definitivo

Ddos attack definitivo

Technology