A reversible sketch-based method for detecting and mitigating amplification attacks

Abstract Amplification attacks pose serious threats to network security because of their anonymity and their amplification effect. Detecting them is attracting more and more attention. However, as the age of networking for big data arrives, traditional amplification attack detection methods become inefficient because big-volume network traffic swamps the significant signals of attacks. The premise of accurate and effective attack detection is efficient processing of big-volume traffic. In this paper, we apply the sketch technique to detect and mitigate amplification attacks, which enables the detection method to handle big-volume network traffic. We use a Chinese Remainder Theorem based Reversible Sketch to collect network traffic directly and then monitor abrupt changes in the one-to-one mapping between request packets and response packets to identify amplification attack traffic. The detection mechanism is robust and efficient since it does not need to record complicated traffic features and makes full use of the basic characteristic of amplification attacks. We examine the performance of our method through a series of experiments on simulated and real-world traffic. The results show that the method can accurately detect and mitigate amplification attacks.
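As an added illustration (not the paper's own code), the following Python sketch shows the idea behind a Chinese Remainder Theorem based reversible sketch used for request/response imbalance detection: each row buckets an IPv4 key by its residue modulo a distinct coprime modulus, requests and responses are counted separately, and buckets whose response count greatly exceeds the request count are reversed back to the offending key with the CRT. The moduli, threshold and the traffic sample are assumptions constructed here.

```python
from itertools import product
from ipaddress import IPv4Address

# Pairwise coprime moduli; their product (about 4.34e9) exceeds 2**32, so an
# IPv4 address is uniquely determined by its residues (Chinese Remainder Theorem).
MODULI = (251, 256, 257, 263)
KEY_SPACE = 2 ** 32


class ReversibleSketch:
    """Row i holds MODULI[i] counters; a key lands in bucket key % MODULI[i]."""

    def __init__(self):
        self.rows = [[0] * m for m in MODULI]

    def add(self, key, count=1):
        for row, m in zip(self.rows, MODULI):
            row[key % m] += count


def crt(residues):
    """Reconstruct x such that x == r_i (mod m_i) for every row (Garner's method)."""
    x, mod = 0, 1
    for r, m in zip(residues, MODULI):
        inv = pow(mod, -1, m)          # mod and m are coprime by construction
        x += mod * ((r - x) * inv % m)
        mod *= m
    return x % mod


def find_amplified(requests, responses, threshold):
    """Keys whose responses exceed requests by more than threshold in every row.
    Heavy bucket indices are combined across rows and reversed with the CRT;
    combinations that do not reverse to a valid IPv4 integer are discarded."""
    heavy = [[i for i, (req, resp) in enumerate(zip(r_row, s_row)) if resp - req > threshold]
             for r_row, s_row in zip(requests.rows, responses.rows)]
    return {key for key in map(crt, product(*heavy)) if key < KEY_SPACE}


def demo():
    """Constructed traffic: one balanced resolver client and one amplification victim."""
    client = int(IPv4Address("192.0.2.10"))
    victim = int(IPv4Address("198.51.100.7"))
    requests, responses = ReversibleSketch(), ReversibleSketch()
    requests.add(client, 50)       # 50 queries sent by the client ...
    responses.add(client, 50)      # ... and 50 answers received: one-to-one mapping holds
    responses.add(victim, 500)     # 500 reflected answers with no matching queries
    return {str(IPv4Address(k)) for k in find_amplified(requests, responses, threshold=100)}
```

Because the moduli product exceeds the key space, the victim's address is recovered exactly from the heavy bucket indices without storing any per-flow state.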
