http://dx.doi.org/10.17661/jkiiect.2015.8.5.429

A Study on Amplification DRDoS Attacks and Defenses  

Choi, Hyunsang (Department of Computer Science and Engineering, Korea University)
Park, Hyundo (Department of Computer Science and Engineering, Korea University)
Lee, Heejo (Department of Computer Science and Engineering, Korea University)
Publication Information
The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.8, no.5, 2015, pp. 429-437
Abstract
DDoS attacks have been used to paralyze popular Internet services. Amplification attacks in particular have grown dramatically in recent years. Defending against amplification attacks is challenging because they usually generate an extremely large amount of traffic, and because the attack traffic comes from legitimate servers, which makes it hard to differentiate from normal traffic. Moreover, some of the protocols used in amplification attacks are widely adopted in IoT devices, so the number of servers susceptible to amplification attacks will continue to increase. This paper analyzes amplification attack mechanisms in detail and proposes defense methodologies for scenarios where attackers, abused servers, or victims are in a monitored network.
Keywords
Amplification attack; DDoS; IoT; Defense; Security;