Detecting DRDoS attacks by a simple response packet confirmation mechanism

Authors:
Hiroshi Tsunoda;Kohei Ohta;Atsunori Yamamoto;Nirwan Ansari;Yuji Waizumi;Yoshiaki Nemoto
Affiliations:
Tohoku Institute of Technology, Yagiyama Kasumicho 35-1, Taihaku-ku, Sendai 982-8577, Japan;Cyber Solutions Inc., Minami Yoshinari 6-6-3, Aoba-ku, Sendai 989-3204, Japan;NTT DATA Corporation, Toyosu Center Buildings, 3-3, Toyosu 3-chome, Koto-ku, Tokyo 135-6033, Japan;Advanced Networking Laboratory, Department of Electrical and Computer Engineering, New Jersey Institute of Technology, Newark, NJ 07102-1982, USA;Graduate School of Information Sciences, TOHOKU University, Aramaki Aza Aoba 6-6-05, Aoba-ku, Sendai 980-8579, Japan;Graduate School of Information Sciences, TOHOKU University, Aramaki Aza Aoba 6-6-05, Aoba-ku, Sendai 980-8579, Japan
Venue:
Computer Communications
Year:
2008

Citing 11
Cited 1

Towards trapping wily intruders in the large

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Hash-based IP traceback

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Network support for IP traceback

IEEE/ACM Transactions on Networking (TON)
An analysis of using reflectors for distributed denial-of-service attacks

ACM SIGCOMM Computer Communication Review
Single-packet IP traceback

IEEE/ACM Transactions on Networking (TON)
Hop-count filtering: an effective defense against spoofed DDoS traffic

Proceedings of the 10th ACM conference on Computer and communications security
DDoS attacks and defense mechanisms: classification and state-of-the-art

Computer Networks: The International Journal of Computer and Telecommunications Networking
On deterministic packet marking

Computer Networks: The International Journal of Computer and Telecommunications Networking
Defending against flooding-based distributed denial-of-service attacks: a tutorial

IEEE Communications Magazine
On IP traceback

IEEE Communications Magazine
Tracing cyber attacks from the practical perspective

IEEE Communications Magazine

Detection of distributed denial of service attacks using an ensemble of adaptive and hybrid neuro-fuzzy systems

Computer Communications

Quantified Score

Hi-index	0.24

Visualization

Abstract

In this paper, we propose a simple and robust method to detect Distributed Reflective Denial of Service (DRDoS) attacks. In DRDoS attacks, the victim is bombarded by reflected response packets from legitimate hosts, and thus it is difficult to distinguish attack packets from legitimate packets. We focus on the fact that the types of packets used for DRDoS are limited and predictable. Hence, the proposed method monitors only limited pairs of requests and responses, and confirms the validity of the received response packets based on the request-response relationship. Therefore, the proposed method does not need complicated state management such as the stateful inspection method, and thus the detection mechanism becomes simple. We also analyze the complexity of the proposed method, and show that the proposed method requires low processing cost as compared with the conventional method. Through experiments using a real networking environment, we demonstrate that the proposed method can accurately detect DRDoS packets at a low cost.