Stellar: Network Attack Mitigation using Advanced Blackholing

© ACM 2018. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in Proceedings of the 14th International Conference on Emerging Networking EXperiments and Technologies - CoNEXT ’18, http://dx.doi.org/10.1145/3281411.3281413.Network attacks, including Distributed Denial-of-Service (DDoS), continuously increase in terms of bandwidth along with damage (recent attacks exceed 1.7 Tbps) and have a devastating impact on the targeted companies/governments. Over the years, mitigation techniques, ranging from blackholing to policy-based filtering at routers, and on to traffic scrubbing, have been added to the network operator’s toolbox. Even though these mitigation techniques pro- vide some protection, they either yield severe collateral damage, e.g., dropping legitimate traffic (blackholing), are cost-intensive, or do not scale well for Tbps level attacks (ACL filltering, traffic scrubbing), or require cooperation and sharing of resources (Flowspec). In this paper, we propose Advanced Blackholing and its system realization Stellar. Advanced blackholing builds upon the scalability of blackholing while limiting collateral damage by increasing its granularity. Moreover, Stellar reduces the required level of cooperation to enhance mitigation effectiveness. We show that fine-grained blackholing can be realized, e.g., at a major IXP, by combining available hardware filters with novel signaling mechanisms. We evaluate the scalability and performance of Stellar at a large IXP that interconnects more than 800 networks, exchanges more than 6 Tbps tra c, and witnesses many network attacks every day. Our results show that network attacks, e.g., DDoS amplification attacks, can be successfully mitigated while the networks and services under attack continue to operate untroubled.EC/H2020/679158/EU/Resolving the Tussle in the Internet: Mapping, Architecture, and Policy Making/ResolutioNetDFG, FE 570/4-1, Gottfried Wilhelm Leibniz-Preis 201

Inferring BGP blackholing activity in the Internet

The Border Gateway Protocol (BGP) has been used for decades as the de facto protocol to exchange reachability information among networks in the Internet. However, little is known about how this protocol is used to restrict reachability to selected destinations, e.g., that are under attack. While such a feature, BGP blackholing, has been available for some time, we lack a systematic study of its Internet-wide adoption, practices, and network efficacy, as well as the profile of blackholed destinations. In this paper, we develop and evaluate a methodology to automatically detect BGP blackholing activity in the wild. We apply our method to both public and private BGP datasets. We find that hundreds of networks, including large transit providers, as well as about 50 Internet exchange points (IXPs) offer blackholing service to their customers, peers, and members. Between 2014-2017, the number of blackholed prefixes increased by a factor of 6, peaking at 5K concurrently blackholed prefixes by up to 400 Autonomous Systems. We assess the effect of blackholing on the data plane using both targeted active measurements as well as passive datasets, finding that blackholing is indeed highly effective in dropping traffic before it reaches its destination, though it also discards legitimate traffic. We augment our findings with an analysis of the target IP addresses of blackholing. Our tools and insights are relevant for operators considering offering or using BGP blackholing services as well as for researchers studying DDoS mitigation in the Internet

Diffusion tensor magnetic resonance imaging of the breast: a pilot study

ObjectivesDiffusion-weighted MR imaging has shown diagnostic value for differential diagnosis of breast lesions. Diffusion tensor imaging (DTI) adds information about tissue microstructure by addressing diffusion direction. We have examined the diagnostic application of DTI of the breast.MethodsA total of 59 patients (71 lesions: 54 malignant, 17 benign) successfully underwent prospective echo planar imaging–DTI (EPI-DTI) (1.5 T). First, diffusion direction both of parenchyma as well as lesions was assessed on parametric maps. Subsequently, apparent diffusion coefficient (ADC) and fractional anisotropy (FA) values were measured. Statistics included univariate (Mann–Whitney U test, receiver operating analysis) and multivariate (logistic regression analysis, LRA) tests.ResultsMain diffusion direction of parenchyma was anterior–posterior in the majority of cases (66.1%), whereas lesions (benign, malignant) showed no predominant diffusion direction in the majority of cases (23.9%). ADC values showed highest differences between benign and malignant lesions (P < 0.001) with resulting area under the curve (AUC) of 0.899. FA values were lower in benign (interquartile range, IR, 0.14–0.24) compared to malignant lesions (IR 0.21–0.35, P < 0.002) with an AUC of 0.751–0.770. Following LRA, FA did not prove to have incremental value for differential diagnosis over ADC values.ConclusionsMicroanatomical differences between benign and malignant breast lesions as well as breast parenchyma can be visualized by using DTI

Nipah virus induces two inclusion body populations: Identification of novel inclusions at the plasma membrane.

Formation of cytoplasmic inclusion bodies (IBs) is a hallmark of infections with non-segmented negative-strand RNA viruses (order Mononegavirales). We show here that Nipah virus (NiV), a bat-derived highly pathogenic member of the Paramyxoviridae family, differs from mononegaviruses of the Rhabdo-, Filo- and Pneumoviridae families by forming two types of IBs with distinct localizations, formation kinetics, and protein compositions. IBs in the perinuclear region form rapidly upon expression of the nucleocapsid proteins. These IBperi are highly mobile and associate with the aggresome marker y-tubulin. IBperi can recruit unrelated overexpressed cytosolic proteins but do not contain the viral matrix (M) protein. Additionally, NiV forms an as yet undescribed IB population at the plasma membrane (IBPM) that is y-tubulin-negative but contains the M protein. Infection studies with recombinant NiV revealed that IBPM require the M protein for their formation, and most likely represent sites of NiV assembly and budding. The identification of this novel type of plasma membrane-associated IBs not only provides new insights into NiV biology and may open new avenues to develop novel antiviral approaches to treat these highly pathogenic viruses, it also provides a basis for a more detailed characterization of IBs and their role in virus assembly and replication in infections with other Mononegavirales

APOS—antibiotic prophylaxis for preventing infectious complications in orthognathic surgery: study protocol for a phase III, multicentre, randomised, controlled, double blinded, clinical trial with two parallel study arms

Background!#!It is a constant debate among surgeons whether the use of prolonged postoperative antibiotics may reduce surgical site infection rates. As specific treatment guidelines are still lacking, many surgeons continue to use broad-spectrum antibiotics, causing not only increased costs but also contributing to the potential for antibiotic resistance. Hence, there is an urgent need for an appropriately designed prospective clinical trial, to investigate whether a prophylactic use of antibiotics after surgery actually decreases surgical site infections to a clinically relevant degree.!##!Methods!#!This study presents a multicentre, randomised, controlled, double-blinded, clinical trial with two parallel study arms to demonstrate that no postoperative antibiotic prophylaxis (AP) is not inferior to antibiotic prophylaxis with respect to surgical site infections in patients having undergone orthognathic surgery. The primary efficacy endpoint is defined as the occurrence of postoperative surgical site infections within 30 days of surgery. Secondary endpoints are further efficacy and subject-oriented parameters within 90 days after surgery. The entire trial is planned for 54 months, with an enrolment of 1420 patients over 39 months by 14 national participating centres.!##!Discussion!#!As a highly standardised procedure on an exceeding, healthy and young homogenous study population and identical processes all over the world, elective orthognathic surgery as clean-contaminated procedure provides comparable intervention groups with balanced baseline characteristics, comparable surgical duration, even when performed within multiple centres. Therefore, evaluating antibiotic prophylaxis after orthognathic surgery will be of high scientific value representable for other surgical procedures.!##!Trial registration!#!DRKS-German Clinical Trials Register- DRKS00022838 ; EudraCT No. 2020-001397-30. Registered on 29 March 2021

United We Stand: Collaborative Detection and Mitigation of Amplification DDoS Attacks at Scale

Amplification Distributed Denial of Service (DDoS) attacks' traffic and harm are at an all-time high. To defend against such attacks, distributed attack mitigation platforms, such as traffic scrubbing centers that operate in peering locations, e.g., Internet Exchange Points (IXP), have been deployed in the Internet over the years. These attack mitigation platforms apply sophisticated techniques to detect attacks and drop attack traffic locally, thus, act as sensors of attacks. However, it has not yet been systematically evaluated and reported to what extent coordination of these views by different platforms can lead to more effective mitigation of amplification DDoS attacks. In this paper, we ask the question: "Is it possible to mitigate more amplification attacks and drop more attack traffic when distributed attack mitigation platforms collaborate?"To answer this question, we collaborate with eleven IXPs that operate in three different regions. These IXPs have more than 2,120 network members that exchange traffic at the rate of more than 11 Terabits per second. We collect network data over six months and analyze more than 120k amplification DDoS attacks. To our surprise, more than 80% of the amplification DDoS are not detected locally, although the majority of the attacks are visible by at least three IXPs. A closer investigation points to the shortcomings, such as the multi-protocol profile of modern amplification attacks, the duration of the attacks, and the difficulty of setting appropriate local attack traffic thresholds that will trigger mitigation. To overcome these limitations, we design and evaluate a collaborative architecture that allows participant mitigation platforms to exchange information about ongoing amplification attacks. Our evaluation shows that it is possible to collaboratively detect and mitigate the majority of attacks with limited exchange of information and drop as much as 90% more attack traffic locally.Cyber Securit