论文信息 - DoS Amplification Attacks - Protocol-Agnostic Detection of Service Abuse in Amplifier Networks

DoS Amplification Attacks - Protocol-Agnostic Detection of Service Abuse in Amplifier Networks

For many years Distributed Denial-of-Service attacks have been known to be a threat to Internet services. Recently a configuration flaw in NTP daemons led to attacks with traffic rates of several hundred Gbit/s. For those attacks a third party, the amplifier, is used to significantly increase the volume of traffic reflected to the victim. Recent research revealed more UDP-based protocols that are vulnerable to amplification attacks. Detecting such attacks from an abused amplifier network’s point of view has only rarely been investigated.

[1] Georgios Kambourakis,et al. Detecting DNS Amplification Attacks , 2007, CRITIS.

[2] Paul Ferguson,et al. Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing , 1998, RFC.

[3] Ruby B. Lee,et al. Distributed Denial of Service: Taxonomies of Attacks, Tools, and Countermeasures , 2004, PDCS.

[4] Christian Rossow,et al. Amplification Hell: Revisiting Network Protocols for DDoS Abuse , 2014, NDSS.

[5] Bin Liu,et al. Efficient and Low-Cost Hardware Defense Against DNS Amplification Attacks , 2008, IEEE GLOBECOM 2008 - 2008 IEEE Global Telecommunications Conference.

[6] Jon Postel. Quote of the Day Protocol , 1983, RFC.

[7] M. Iqbal Saripan,et al. Detection of Denial of Service Attacks against Domain Name System Using Neural Networks , 2009, ArXiv.