Detecting DRDoS attacks by a simple response packet confirmation mechanism

Authors

Hiroshi Tsunoda, Tohoku Institute of Technology
Kohei Ohta, Cyber Solutions Inc.
Atsunori Yamamoto, NTT DATA Group Corporation
Nirwan Ansari, Newark College of Engineering
Yuji Waizumi, Tohoku University
Yoshiaki Nemoto, Tohoku University

Document Type

Article

Publication Date

9-5-2008

Abstract

In this paper, we propose a simple and robust method to detect Distributed Reflective Denial of Service (DRDoS) attacks. In DRDoS attacks, the victim is bombarded by reflected response packets from legitimate hosts, and thus it is difficult to distinguish attack packets from legitimate packets. We focus on the fact that the types of packets used for DRDoS are limited and predictable. Hence, the proposed method monitors only limited pairs of requests and responses, and confirms the validity of the received response packets based on the request-response relationship. Therefore, the proposed method does not need complicated state management such as the stateful inspection method, and thus the detection mechanism becomes simple. We also analyze the complexity of the proposed method, and show that the proposed method requires low processing cost as compared with the conventional method. Through experiments using a real networking environment, we demonstrate that the proposed method can accurately detect DRDoS packets at a low cost. © 2008 Elsevier B.V. All rights reserved.

Identifier

49649095338 (Scopus)

Publication Title

Computer Communications

External Full Text Location

https://doi.org/10.1016/j.comcom.2008.05.033

ISSN

01403664

First Page

3299

Last Page

3306

Issue

14

Volume

31

Recommended Citation

Tsunoda, Hiroshi; Ohta, Kohei; Yamamoto, Atsunori; Ansari, Nirwan; Waizumi, Yuji; and Nemoto, Yoshiaki, "Detecting DRDoS attacks by a simple response packet confirmation mechanism" (2008). Faculty Publications. 12705.
https://digitalcommons.njit.edu/fac_pubs/12705