Title: Efficient Identification of Malicious Flows and Networks

Speaker: Ran Ben Basat, Harvard University

Date: Wednesday, April 10, 2019

Time: 12:00pm – 1:00pm

Location: Northeastern University, 332 Interdisciplinary Science & Engineering Complex (ISEC), 805 Columbus Ave, 02120

Abstract

Distributed Denial of Service (DDoS) attacks are doubling in both number and volume on a yearly basis.  These pose a critical threat to financial institutions and cloud providers that struggle to keep their services available and secure.  To mitigate the attacks, operators rely on middleboxes that analyze the traffic and identify malicious flows and subnets.  A key technique used for this identification is the Hierarchical Heavy Hitters (HHH) measurement, that singles out networks which send an excessive amount of traffic.

In this talk, I will present new techniques for identifying HHH accurately and efficiently.

We account for traffic changes and quickly detect emerging HHH using a sliding window that reflects only the recent data.  To evaluate our solution, we deployed a network rate-limiting and packet flagging system on the popular HAproxy load balancer.  Our design includes multiple load balancers that report to a centralized controller which creates a network-wide view and issues mitigation instructions.  We simulate a distributed HTTP flood attack with tens of thousands of concurrent stateful connections and show a significant reduction in the amount of attack traffic that passes through

About the Speaker

Ran Ben Basat is a postdoctoral research scholar at Harvard University, advised by Prof. Minlan Yu.  His research interests include the monitoring and control of computer networks using streaming and distributed algorithms.  Ran holds a Ph.D. in Computer Science from the Technion Israel Institute of Technology, where he was advised by Prof. Roy Friedman.  He also received his B.Sc (summa cum laude) and M.Sc (cum laude) from the same department.  Ran won the prestigious Zuckerman Foundation’s and the Israeli Cyber Security’s postdoctoral fellowships and had been awarded the 3rd place in the Feder Prize national research competition.