Fast target link flooding attack detection scheme by analyzing traceroute packets flow

Recently, a botnet based DDoS (Distributed Denial of Service) attack, called target link flooding attack, has been reported that cuts off specific links over the Internet and disconnects a specific region from other regions. Detecting or mitigating the target link flooding attack is more difficult than legacy DDoS attack techniques, since attacking flows do not reach the target region. Although many mitigation schemes are proposed, they detect the attack after it occurs. In this paper, we propose a fast target link flooding attack detection scheme by leveraging the fact that the traceroute packets are increased before the attack caused by the attacker's reconnaissance. Moreover, by analyzing the characteristic of the target link flooding attack that the number of traceroute packets simultaneously increases in various regions over the network, we propose a detection scheme with multiple detection servers to eliminate false alarms caused by sudden increase of traceroute packets sent by legitimate users. We show the effectiveness of our scheme by computer simulations.

[1]  Geert Deconinck,et al.  Analyzing well-known countermeasures against distributed denial of service attacks , 2012, Comput. Commun..

[2]  Dimitrios Gkounis Cross-domain DoS link-flooding attack detection and mitigation using SDN principles , 2014 .

[3]  Thomas Erlebach,et al.  Computing the types of the relationships between autonomous systems , 2007, IEEE/ACM Trans. Netw..

[4]  Lei Xue,et al.  Towards Detecting Target Link Flooding Attack , 2014, LISA.

[5]  Kenji Yamanishi,et al.  A unifying framework for detecting outliers and change points from time series , 2006, IEEE Transactions on Knowledge and Data Engineering.

[6]  Virgil D. Gligor,et al.  CoDef: collaborative defense against large-scale link-flooding attacks , 2013, CoNEXT.

[7]  Saman Taghavi Zargar,et al.  A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks , 2013, IEEE Communications Surveys & Tutorials.

[8]  Tutomu Murase,et al.  Performance evaluation of a multi-stage network event detection scheme against DDoS attacks , 2008, 2008 7th Asia-Pacific Symposium on Information and Telecommunication Technologies.

[9]  Lixin Gao On inferring autonomous system relationships in the internet , 2001, TNET.

[10]  Ehab Al-Shaer,et al.  Agile virtualized infrastructure to proactively defend against cyber attacks , 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[11]  Virgil D. Gligor,et al.  The Crossfire Attack , 2013, 2013 IEEE Symposium on Security and Privacy.