-
CS Colloq: Dr. Jelena Mirkovic
Tue, Jan 19, 2010 @ 03:30 PM - 05:00 PM
Thomas Lord Department of Computer Science
Conferences, Lectures, & Seminars
Talk Title: Combatting spoofing in a realistic InternetSpeaker: Dr. Jelena MirkovicHost: Prof. John Heidemann ABSTRACT:IP spoofing - forging a sender's IP address - exacerbates many security threats, such as denial of service and intrusions. It is also means for conducting reflector attacks where spoofed service requests lead legitimate servers to swamp the victim with replies.
Although many networks have deployed ingress filtering as means of spoofing prevention, legacy networks can still be used to spoof at will and at large. Six approaches to spoofed packet filtering have been proposed to date. Each shows promise under wide deployment (around 20% of the ISPs) but such deployment is unrealistic. The first part of my talk will tackle the problem of evaluating defense performance under realistic, sparse deployment. I will show that such performance depends strongly on the underlying Internet's topology and routing, and remains fairly constant regardless of the topology/routing sources and evolution trends. This evaluation concludes that three defenses would bring significant spoofing protection to all Internet users, and across multiple dimensions, if deployed systematically at top 18 tier-1 ISPs. Only one defense is effective under isolated deployment, and it only protects against spoofed but not against reflected traffic. The second part of my talk focuses on the three defenses that were effective in our evaluation. Each associates a source with some routing-dependent parameter and uses this information for filtering.
An open research problem is how to learn and update parameter values in presence of asymmetric routing, multipath routing and route changes, all of which are common in today's Internet. I will present our design and evaluation of the Clouseau system, which autonomously harvests the needed information from transit traffic and updates it promptly upon a route change. The information is inferred by filters applying randomized drops to TCP data traffic and observing subsequent retransmissions. No communication is required with packet sources or other filters, which makes Clouseau suitable for partial deployment. NS-2 simulations and experiments with a Clouseau prototype indicate that the operation cost is reasonable, the impact on legitimate traffic is minimal and the inferred information is accurate and robust to attacks by a smart adversary. BIO: Jelena Mirkovic is a Computer Scientist at the USC Information Sciences Institute, which she joined in 2007. Prior to this she was an Assistant Professor at the Computer and Information Sciences Department, University of Delaware, 2003-2007. She received her M.S. and Ph.D. from UCLA, and her B.S. in Computer Science and Engineering from the School of Electrical Engineering, University of Belgrade, Serbia. Her current research is focused on scientific cyber security experimentation, safe sharing of network data, denial-of-service attacks and IP spoofing. Her research is funded by the National Science Foundation, the Department of Homeland Security and the Infosys Corporation.
Location: Seaver Science Library (SSL) - 150
Audiences: Everyone Is Invited
Contact: CS Front Desk