NANOG Meeting Presentation Abstract

SENSS: Security Service for the Internet
Meeting: NANOG64
Date / Time: 2015-06-01 1:00pm - 1:30pm
This item is webcast
Room: Grand Ballroom
Presenters:

Jelena Mirkovic, USC/ISI

Jelena Mirkovic is Project Leader at USC/ISI and research faculty at USC. She received her MS and PhD from UCLA, and her BS in Computer Science and Engineering from the School of Electrical Engineering, University of Belgrade, Serbia. Jelena's research interests span the networking and security fields. Her current research is focused on malware analysis, denial-of-service attacks, and IP spoofing. Additionally, she is interested in methodologies for conducting security experiments and Internet measurement.
Minlan Yu.
Ying Zhang.
Abdulla Alwabel.
Abstract: Distributed network attacks, such as DDoS and BGP prefix hijacking, can severely hurt online businesses and disrupt critical infrastructure services. The main challenge in handling such attacks is their distributed nature: the best locations to diagnose and mitigate them are often far from the victim's network.
Today's Internet has no automated mechanism for victims to ask remote ISPs for help, and gives remote ISPs little incentive to offer such services. Consequently, prefix hijacking attacks go largely unmitigated, and victims of DDoS attacks pay exorbitant prices to large CDNs to distribute their content and thus withstand the attacks.

We propose SENSS, a programmable security service for the Internet. SENSS brings simple and generic programmable interfaces from SDN to inter-AS security. These interfaces can be easily implemented in today's ISPs; victims use them to observe and control their own traffic and routes in remote ISPs, and pay per use. We show how victims can leverage these simple interfaces to design solutions against many attacks. We provide six such custom programs that handle a variety of DDoS and BGP prefix hijacking attacks, many of which are not handled today. We evaluate SENSS through extensive simulations and a prototype implementation, using realistic traffic and Internet topology, and show that it is very effective in sparse deployment (with adoption in 20 large ISPs, SENSS can eliminate 80-96% of DDoS attack traffic and correct 92-99% of polluted ASes for BGP prefix hijacking), and that it has low message overhead and delay.
Files: SENSS: Security Service for the Internet (YouTube)
SENSS: Security Service for the Internet (slides, PDF)
Sponsors: None.

NANOG64 Abstracts

  • Conference Opening
    Speakers:
    Tony Tauber, Comcast; Daniel Golding, Google; Aaron Klink, Netflix;
  • Research and Education Track
    Speakers:
    Michael Sinatra, ESnet; Julie Percival, University of Texas at Dallas; Michael Smitasin, Lawrence Berkeley National Laboratory; Murat Yuksel, University of Nevada, Reno;
  • Security Track
    Speakers:
    Krassimir Tzvetanov, A10 Networks, Inc.; Merike Kaeo, DoubleShot Security;
  • Peering Track
    Speakers:
    Greg Hankins, Alcatel-Lucent; Daniel Kopp, DE-CIX; Brian Rogan, Google; Raul Sejas, Telefonica; Tom Paseka, CloudFlare; Aaron Hughes, 6connect; Elisa Jasinska, BigWave;