http://dx.doi.org/10.6109/jkiice.2020.24.12.1670

Multi-level detection method for DRDoS attack  

Baik, Nam-Kyun (Department of Information Security, Busan University of Foreign Studies)
Abstract
In this study, to provide a basis for establishing effective network-based countermeasures against DRDoS (Distributed Reflection Denial of Service) attacks, we propose a new 'DRDoS attack multi-level detection method' that identifies the network-based characteristics of DRDoS and applies probability and statistical techniques. The proposed method removes the limitation under which normal traffic is indiscriminately blocked because the amplification produced by reflectors, which is characteristic of DRDoS, creates unrestricted competition for network bandwidth. By comparing 'Server to Server' traffic and the 'Outbound Session Incremental' for that traffic, accurate identification and detection of DRDoS is possible, and only statistical and probabilistic thresholds are applied to the traffic. Network-based information security systems can therefore use this method to completely eliminate DRDoS attack frames. It is thus expected that this study will contribute greatly to identifying and responding to DRDoS attacks.
Keywords
DRDoS; DDoS; Traffic amplification; well-known port; Threshold value
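The abstract names two indicators, 'Server to Server' traffic and the 'Outbound Session Incremental', but gives no formulas. The following is an added example written for this page, not code from the paper or its author, and it rests on two assumptions: that a 'Server to Server' flow is one whose source and destination ports are both well-known (below 1024), which is rare for ordinary client/server traffic but typical of reflected responses sent from a service port toward a victim; and that the 'Outbound Session Incremental' is the per-interval count of such sessions toward one destination, compared against a mean plus k standard deviations threshold learned from earlier intervals. The flow records are constructed for the example; the addresses are documentation ranges.

```python
"""Two-level DRDoS detector over constructed flow records.

Level 1 filters flows by the server-to-server signature (both ports well-known).
Level 2 counts those flows per time window and destination, builds a baseline
from earlier windows, and alerts when a window exceeds mean + k * stddev.
Both interpretations of the paper's indicators are assumptions of this example.
"""
from collections import Counter, defaultdict
from statistics import mean, pstdev

WELL_KNOWN_MAX = 1023  # ports 0-1023 are the well-known range


def is_server_to_server(flow):
    """Level 1: a flow whose source AND destination ports are well-known."""
    return flow["src_port"] <= WELL_KNOWN_MAX and flow["dst_port"] <= WELL_KNOWN_MAX


def bucket_sessions(flows, window):
    """Count server-to-server sessions per (window index, destination IP)."""
    counts = defaultdict(Counter)
    for f in flows:
        if is_server_to_server(f):
            counts[f["ts"] // window][f["dst_ip"]] += 1
    return counts


def detect(flows, window=10, baseline_windows=3, k=3.0, min_sessions=5):
    """Level 2: return (window, dst_ip, count, threshold) for every window in
    which the outbound session count toward dst_ip exceeds the statistical
    threshold built from that destination's earlier windows. min_sessions
    suppresses alerts on tiny absolute counts where a stddev of 0 would
    otherwise make any increase look anomalous."""
    counts = bucket_sessions(flows, window)
    if not counts:
        return []
    last = max(counts)
    dsts = set()
    for c in counts.values():
        dsts |= set(c)
    history = {d: [] for d in dsts}
    alerts = []
    for w in range(last + 1):
        for d in sorted(dsts):
            n = counts.get(w, Counter())[d]  # Counter yields 0 when absent
            hist = history[d]
            if len(hist) >= baseline_windows:
                threshold = mean(hist) + k * pstdev(hist)
                if n >= min_sessions and n > threshold:
                    alerts.append((w, d, n, round(threshold, 2)))
            hist.append(n)
    return alerts


def _flow(ts, src_ip, src_port, dst_ip, dst_port):
    return {"ts": ts, "src_ip": src_ip, "src_port": src_port,
            "dst_ip": dst_ip, "dst_port": dst_port}


# Constructed sample: 10-second windows, the victim host is 203.0.113.10.
VICTIM = "203.0.113.10"
SAMPLE_FLOWS = [
    # windows 0-2: low-volume NTP peering (123 -> 123) toward the victim, the baseline
    _flow(2, "192.0.2.1", 123, VICTIM, 123),
    _flow(11, "192.0.2.1", 123, VICTIM, 123),
    _flow(15, "192.0.2.2", 123, VICTIM, 123),
    _flow(24, "192.0.2.1", 123, VICTIM, 123),
    # windows 0-3: ordinary web clients (ephemeral source port) to another server
    *[_flow(t, "198.51.100.7", 40000 + t, "198.51.100.5", 80) for t in range(0, 40, 3)],
]
# window 3: twelve reflected responses from service port 123 converge on the victim's port 80
SAMPLE_FLOWS += [_flow(30 + i % 10, f"192.0.2.{100 + i}", 123, VICTIM, 80)
                 for i in range(12)]

if __name__ == "__main__":
    for w, dst, n, thr in detect(SAMPLE_FLOWS):
        print(f"window {w}: {n} server-to-server sessions toward {dst} "
              f"(threshold {thr})")
```

The baseline windows hold 1, 2 and 1 sessions, so the threshold for window 3 is about 2.75 and the twelve reflected sessions trigger one alert, while the ordinary web traffic never passes level 1 at all. Raising `k` or `baseline_windows` trades sensitivity for fewer false positives; the `min_sessions` floor matters in practice because a baseline of all-equal values has zero standard deviation.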