Cybersecurity Speaker Series: Efficient Identification of Malicious Flows and Networks
Title: Efficient Identification of Malicious Flows and Networks
Speaker: Ran Ben Basat, Postdoctoral Research Scholar, Harvard University
Location: Northeastern University, 805 Columbus Avenue, Interdisciplinary Science and Engineering Complex (ISEC), Room 655, Boston, Massachusetts 02120

Abstract
Distributed Denial of Service (DDoS) attacks are doubling in both number and volume on a yearly basis. These pose a critical threat to financial institutions and cloud providers that struggle to keep their services available and secure. To mitigate the attacks, operators rely on middleboxes that analyze the traffic and identify malicious flows and subnets. A key technique used for this identification is the Hierarchical Heavy Hitters (HHH) measurement, which singles out networks that send an excessive amount of traffic.
In this talk, I will present new techniques for identifying HHH accurately and efficiently. We account for traffic changes and quickly detect emerging HHH using a sliding window that reflects only the recent data. To evaluate our solution, we deployed a network rate-limiting and packet flagging system on the popular HAProxy load balancer. Our design includes multiple load balancers that report to a centralized controller, which creates a network-wide view and issues mitigation instructions. We simulate a distributed HTTP flood attack with tens of thousands of concurrent stateful connections and show a significant reduction in the amount of attack traffic that passes through.

About the Speaker
Ran Ben Basat is a postdoctoral research scholar at Harvard University, advised by Prof. Minlan Yu. His research interests include the monitoring and control of computer networks using streaming and distributed algorithms. Ran holds a Ph.D. in Computer Science from the Technion Israel Institute of Technology, where he was advised by Prof. Roy Friedman. He also received his B.Sc (summa cum laude) and M.Sc (cum laude) from the same department.
Ran won the prestigious Zuckerman Foundation's and the Israeli Cyber Security's postdoctoral fellowships and was awarded 3rd place in the Feder Prize national research competition.

Wednesday, November 28, 2018 at 3:00pm