Defense Analysis Against Store and Forward Distributed Reflective Denial of Service Attacks

Distributed Denial of Service (DDoS) attacks are dangerous, large-scale, highly coordinated attempts to disable network-based computer systems. The attackers comprise a large number of agents working to overwhelm the victim with fake requests, thus preventing legitimate users from gaining access to the services provided by the victim. These attacks can target web services, as well as the networking infrastructure of critical cyber-physical systems such as power stations and water distribution networks. Recently, a new class of DDoS attacks has emerged: Distributed Reflective Denial of Service (DRDoS) attacks are the new trend in this category. By reflecting and amplifying UDP traffic, the attackers are able to divert a large volume of traffic toward the victim. Within this category, store and flood DRDoS attacks have employed P2P networks to store the attack data on agents prior to the attack phase. These attacks have proved to be highly capable and more dangerous than traditional DoS attacks. In this paper, we tackle the store and flood DRDoS problem. By studying the elements and mechanism of the attack, we develop mechanisms to mitigate the effects of these attacks and filter unwanted traffic.
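The abstract describes the two observable signatures a defender can act on: reflected UDP replies that arrive in far greater volume than the requests that supposedly solicited them, and replies arriving from many reflectors at once. The following is an added example, not code from the paper or its authors; it runs over a constructed set of flow records (the `Flow` tuple layout, the IP addresses, the 5.0 amplification threshold, the 3-reflector fan-in threshold and the set of amplifier service ports are all assumptions made here), and shows both an amplification-ratio detector and a stateful "reply must match a request" filter that drops unsolicited UDP service replies.

```python
"""Detect and filter reflective UDP amplification from flow records.

Added example (not the paper's code). Flow records are constructed below in a
simplified NetFlow-like shape; thresholds and the service-port set are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    nbytes: int


# Constructed sample: four resolvers on UDP/53 send large replies toward
# 203.0.113.5 (the victim); only two small "requests" attributable to the victim
# are seen, because agents spoof the victim's address. One benign DNS exchange
# (198.51.100.7 <-> 192.0.2.53) and one TCP flow are included as controls.
SAMPLE_FLOWS = [
    Flow("203.0.113.5", 40001, "192.0.2.10", 53, "udp", 60),
    Flow("203.0.113.5", 40002, "192.0.2.11", 53, "udp", 60),
    Flow("192.0.2.10", 53, "203.0.113.5", 40001, "udp", 3000),
    Flow("192.0.2.11", 53, "203.0.113.5", 40002, "udp", 3000),
    Flow("192.0.2.12", 53, "203.0.113.5", 40003, "udp", 3000),
    Flow("192.0.2.13", 53, "203.0.113.5", 40004, "udp", 3000),
    Flow("198.51.100.7", 40010, "192.0.2.53", 53, "udp", 80),
    Flow("192.0.2.53", 53, "198.51.100.7", 40010, "udp", 200),
    Flow("198.51.100.7", 50000, "192.0.2.53", 443, "tcp", 5000),
]

# Assumed set of UDP service ports commonly abused as amplifiers (DNS, NTP).
AMPLIFIER_PORTS = frozenset({53, 123})


def amplification_report(flows, min_ratio=5.0, min_reflectors=3):
    """Flag (destination, service port) pairs receiving far more bytes from many
    sources than the destination sent toward that port: the reflection signature."""
    bytes_in = defaultdict(int)    # (dst_ip, src_port) -> bytes received
    bytes_out = defaultdict(int)   # (src_ip, dst_port) -> bytes sent
    reflectors = defaultdict(set)  # (dst_ip, src_port) -> distinct senders
    for f in flows:
        if f.proto != "udp":
            continue
        bytes_in[(f.dst_ip, f.src_port)] += f.nbytes
        reflectors[(f.dst_ip, f.src_port)].add(f.src_ip)
        bytes_out[(f.src_ip, f.dst_port)] += f.nbytes

    findings = []
    for (victim, port), inbound in bytes_in.items():
        outbound = bytes_out.get((victim, port), 0)
        ratio = inbound / max(outbound, 1)  # avoid division by zero when no request was seen
        fan_in = len(reflectors[(victim, port)])
        if ratio >= min_ratio and fan_in >= min_reflectors:
            findings.append({
                "victim": victim, "service_port": port, "reflectors": fan_in,
                "bytes_in": inbound, "bytes_out": outbound, "ratio": ratio,
            })
    return sorted(findings, key=lambda d: d["ratio"], reverse=True)


def unsolicited_replies(flows, service_ports=AMPLIFIER_PORTS):
    """Stateful filter view: a UDP reply from a service port is only legitimate if
    the destination previously sent a request to that source and port."""
    requested = {(f.src_ip, f.dst_ip, f.dst_port) for f in flows if f.proto == "udp"}
    dropped = []
    for f in flows:
        if f.proto == "udp" and f.src_port in service_ports:
            if (f.dst_ip, f.src_ip, f.src_port) not in requested:
                dropped.append((f.dst_ip, f.src_ip, f.src_port))
    return sorted(dropped)


if __name__ == "__main__":
    for finding in amplification_report(SAMPLE_FLOWS):
        print("amplification toward", finding)
    for victim, reflector, port in unsolicited_replies(SAMPLE_FLOWS):
        print(f"drop unsolicited reply {reflector}:{port} -> {victim}")
```

On the constructed sample the detector reports a single finding (victim 203.0.113.5, UDP/53, four reflectors, ratio 100.0), while the benign DNS exchange stays under both thresholds. The stateful filter drops only the two replies whose "request" was never seen from the victim; at the victim's own edge, where spoofed requests never originate, every reflected reply fails this check, which is why reply-matching filters are effective against pure reflection traffic.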
