Request diversion: a novel mechanism to counter P2P based DDoS attacks

P2P-based distributed denial of service (DDoS) attacks represent an emerging threat to today's internet. This type of attack exploits a design vulnerability of P2P networks to drive as many P2P users as possible to download certain popular file(s) from a targeted host. This paper proposes a novel scheme, called request diversion, to counter DDoS attacks originating from P2P networks. The main idea of the proposed scheme is to divert P2P users from requesting a file that an attacker originally advertised as available at the targeted host. This is achieved by intentionally making fake advertisements about the availability of the same file at different locations. The performance of the proposed scheme was evaluated through extensive simulation experiments. Simulation results show that the request diversion scheme can reduce the attack request rate drastically without being exploited by malicious users and without modifying the P2P clients and protocols.
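The mechanism the abstract describes can be illustrated with a small model of a poisoned P2P index and a defender who dilutes the attacker's entries with decoy advertisements. The code below is an added example, not the paper's simulator: it assumes the index is a flat list of advertised (host, port) sources per file, that a requesting peer picks one advertised source uniformly at random, and that decoy advertisements point at defender-controlled sinkhole addresses in the TEST-NET-1 documentation range so diverted requests never reach a real host. The file identifier and victim address are constructed placeholders.

```python
"""Toy model of the request-diversion defence described in the abstract.

Added example, not the paper's simulator. Assumptions (not from the page):
 - the P2P index maps a file id to a flat list of advertised (host, port) sources;
 - a requesting peer picks one advertised source uniformly at random;
 - decoy advertisements point at defender-controlled sinkhole addresses in
   TEST-NET-1 (192.0.2.0/24), so diverted requests never reach a real host.
"""
from collections import Counter
import random

SINKHOLE_PREFIX = "192.0.2."  # constructed: documentation range, routes nowhere


class P2PIndex:
    """Minimal index: file_id -> list of advertised sources (duplicates allowed,
    since each poisoned advertisement is a separate entry)."""

    def __init__(self):
        self.sources = {}

    def advertise(self, file_id, location):
        self.sources.setdefault(file_id, []).append(location)

    def lookup(self, file_id):
        return list(self.sources.get(file_id, []))


def poison_index(index, file_id, target, copies):
    """Attacker behaviour from the abstract: advertise that a popular file is
    available at the targeted host, repeated `copies` times so the target
    dominates the source list that peers see."""
    for _ in range(copies):
        index.advertise(file_id, target)


def divert_requests(index, file_id, decoys):
    """Defender behaviour: inject `decoys` fake advertisements for the same file
    that point at sinkhole addresses, diluting the attacker's entries."""
    for i in range(decoys):
        index.advertise(file_id, (f"{SINKHOLE_PREFIX}{i % 254 + 1}", 6881))


def expected_target_share(index, file_id, target):
    """Fraction of requests the target receives under uniform source selection."""
    srcs = index.lookup(file_id)
    return srcs.count(target) / len(srcs) if srcs else 0.0


def simulate_requests(index, file_id, n_requests, seed=0):
    """Seeded Monte-Carlo run: count how many requests land on each source."""
    rng = random.Random(seed)
    srcs = index.lookup(file_id)
    return Counter(rng.choice(srcs) for _ in range(n_requests))


def diversion_effect(copies=50, decoys=450, n_requests=10_000):
    """Return (share_before, share_after, simulated_after) for one scenario."""
    file_id = "sha1:popular-file"        # constructed identifier
    target = ("203.0.113.10", 6881)      # constructed victim address (TEST-NET-3)

    index = P2PIndex()
    poison_index(index, file_id, target, copies)
    before = expected_target_share(index, file_id, target)

    divert_requests(index, file_id, decoys)
    after = expected_target_share(index, file_id, target)

    hits = simulate_requests(index, file_id, n_requests)
    simulated = hits[target] / n_requests
    return before, after, simulated


if __name__ == "__main__":
    b, a, s = diversion_effect()
    print(f"target share before diversion: {b:.2f}")
    print(f"target share after diversion (expected): {a:.2f}")
    print(f"target share after diversion (simulated): {s:.3f}")
```

With 50 poisoned entries and 450 decoys the target's share of requests drops from 1.0 to 0.1 in expectation, which is the dilution effect the abstract attributes to request diversion. The model says nothing about how many decoys a real index tolerates, or about how a defender detects the poisoned file in the first place; those are the questions the paper's simulations address and this sketch does not.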
