http://dx.doi.org/10.5573/ieie.2014.51.5.127

A Detect and Defense Mechanism of Stateful DRDoS Attacks  

Kim, Minjun (Dept. Computer Eng., Pukyong National University)
Seo, Kyungryong (Dept. Computer Eng., Pukyong National University)
Publication Information
Journal of the Institute of Electronics and Information Engineers / v.51, no.5, 2014, pp. 127-134
Abstract
In DRDoS (Distributed Reflective Denial of Service) attacks, the victim is bombarded with packets from legitimate reflectors, unlike DDoS (Distributed Denial of Service) attacks carried out through zombies. This makes DRDoS more dangerous than DDoS because it is more strongly disguised. Therefore, packet-filtering methods on routers are useless. Moreover, features of improved transmission protocols, such as SCTP (Stream Control Transmission Protocol) multi-homing, make attacks more difficult to detect and allow the effect of an attack to be maximized. In this paper we propose a DRDoS detection mechanism that draws on the characteristics of stateful protocols. The proposed scheme is backed by a stateful firewall; it detects DRDoS attacks through a rules table and performs a defensive treatment against them. Because the rules table has a simple structure, it can easily be adapted to any kind of stateful protocol that can be used in a DRDoS attack. The experimental results confirm that the proposed scheme detects DRDoS attacks well when they use SCTP, the next-generation transmission protocol that is not known by the victim, and rapidly reduces the attacking packets.
Keywords
DRDoS; stateful protocol; multihoming;