http://dx.doi.org/10.22156/CS4SMB.2020.10.12.022

Response System for DRDoS Amplification Attacks  

Kim, Hyo-Jong (Dept. of Computers & Media Engineering, Tongmyong University)
Han, Kun-Hee (Division of Information & Communication Engineering, Baekseok University)
Shin, Seung-Soo (Dept. of Software Convergence Security, Tongmyong University)
Publication Information
Journal of Convergence for Information Technology / v.10, no.12, 2020, pp. 22-30
Abstract
As information and communication technology develops, DDoS and DRDoS attacks remain persistent security issues and are gradually evolving into more advanced techniques. Recently, IT companies have been threatened by DRDoS attacks, which abuse the protocols of normal servers to turn them into reflectors. Because reflected traffic originates from normal servers, it is difficult for security equipment to distinguish, and in real-world cases it has been amplified to as much as Tbps. This paper compares and analyzes the DNS amplification and Memcached amplification used in DRDoS attacks and then proposes a countermeasure that can reduce the effectiveness of the attack. Protocols used for reflective traffic include TCP and UDP, as well as NTP, DNS, and Memcached. Comparing the DNS and Memcached protocols, which have the larger reflected response sizes among these protocols, shows that the Memcached protocol amplifies ±21% more than the DNS protocol. The countermeasure reduces the effectiveness of an attack by using the Memcached protocol's memory initialization command. In future studies, various security-prone servers can be shared over security networks to predict the fundamental blocking effect.
Keywords
Amplification; DDoS; DRDoS; Memcached; DNS
Citations & Related Records
Times Cited By KSCI: 8