Overview
Explore a groundbreaking approach to mitigating Distributed Denial of Service (DDoS) attacks in this 23-minute conference talk presented at the 2018 IEEE Symposium on Security & Privacy. Discover Nyx, a novel system that treats DDoS mitigation as a routing problem rather than a filtering issue. Learn how this conceptual shift allows for effective defense against modern DDoS attacks, including transit-link DDoS, without requiring Internet redesign or external cooperation. Understand the innovative use of Border Gateway Protocol (BGP) and traffic engineering techniques to isolate critical traffic from attacked links onto uncongested paths. Examine the impressive results from Internet-scale simulations, showing Nyx's ability to successfully route around network segments under attack in over 98% of cases. Gain insights into the system's effectiveness in providing complete congestion relief for both transit-link and direct DDoS attacks.
Syllabus
Introduction
Do we care about DDoS
NICs
Internet Routing
DDoS
Example
Alternate Routes
FERP
Pack Lining
Disturbance
Path Lining
Searching
Simulation
Bandwidth
Prerequisites
Clap
Boring
Traditional DDoS
TransLink DDoS Mitigation
TransLink DDoS Mitigation Results
Ongoing Work
How do you detect congestion
Taught by
IEEE Symposium on Security and Privacy