Detecting DRDoS attacks by a simple response packet confirmation mechanism

In this paper, we propose a simple and robust method to detect Distributed Reflective Denial of Service (DRDoS) attacks. In DRDoS attacks, the victim is bombarded by reflected response packets from legitimate hosts, and thus it is difficult to distinguish attack packets from legitimate packets. We f...

Full description

Saved in:
Bibliographic Details
Published in:Computer communications 2008-09, Vol.31 (14), p.3299-3306
Main Authors: Tsunoda, Hiroshi, Ohta, Kohei, Yamamoto, Atsunori, Ansari, Nirwan, Waizumi, Yuji, Nemoto, Yoshiaki
Format: Article
Language:English
Subjects:
Applied sciences
Computer science
control theory
systems
Computer systems and distributed systems. User interface
Detection
Distributed reflection DoS
Exact sciences and technology
Memory and file management (including protection and security)
Memory organisation. Data processing
Response confirmation
Software
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In this paper, we propose a simple and robust method to detect Distributed Reflective Denial of Service (DRDoS) attacks. In DRDoS attacks, the victim is bombarded by reflected response packets from legitimate hosts, and thus it is difficult to distinguish attack packets from legitimate packets. We focus on the fact that the types of packets used for DRDoS are limited and predictable. Hence, the proposed method monitors only limited pairs of requests and responses, and confirms the validity of the received response packets based on the request–response relationship. Therefore, the proposed method does not need complicated state management such as the stateful inspection method, and thus the detection mechanism becomes simple. We also analyze the complexity of the proposed method, and show that the proposed method requires low processing cost as compared with the conventional method. Through experiments using a real networking environment, we demonstrate that the proposed method can accurately detect DRDoS packets at a low cost.
ISSN:0140-3664
1873-703X
DOI:10.1016/j.comcom.2008.05.033