Distributed Reflective Denial of Services (DRDoS) attacks have gained huge popularity and become a major factor in a number of massive cyber-attacks. Usually, the attackers launch this kind of attack with small volume of requests to generate a large volume of attack traffic aiming at the victim by using IP spoofing from legitimate hosts. There have been several approaches, such as static threshold based approach and confirmation-based approach, focusing on DRDoS attack detection at victim's side. However, these approaches have significant disadvantages: (1) they are only passive defences after the attack and (2) it is hard to trace back the attackers. To address this problem, considerable attention has been paid to the study of detecting DRDoS attack at source side. Because the existing proposals following this direction are supposed to be ineffective to deal with small volume of attack traffic, there is still a room for improvement. In this paper, we propose a novel method to detect DRDoS attack request traffic on SDN(Software Defined Network)-enabled gateways in the source side of attack traffic. Our method adjusts the sampling rate and provides a traffic-aware adaptive threshold along with the margin based on analysing observed traffic behind gateways. Experimental results show that the proposed method is a promising solution to detect DRDoS attack request in the source side.
Sinh-Ngoc NGUYEN
Chonnam National University
Van-Quyet NGUYEN
Chonnam National University
Giang-Truong NGUYEN
Chonnam National University
JeongNyeo KIM
Electronics and Telecommunications Research Institute
Kyungbaek KIM
Chonnam National University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Sinh-Ngoc NGUYEN, Van-Quyet NGUYEN, Giang-Truong NGUYEN, JeongNyeo KIM, Kyungbaek KIM, "Source-Side Detection of DRDoS Attack Request with Traffic-Aware Adaptive Threshold" in IEICE TRANSACTIONS on Information,
vol. E101-D, no. 6, pp. 1686-1690, June 2018, doi: 10.1587/transinf.2018EDL8020.
Abstract: Distributed Reflective Denial of Services (DRDoS) attacks have gained huge popularity and become a major factor in a number of massive cyber-attacks. Usually, the attackers launch this kind of attack with small volume of requests to generate a large volume of attack traffic aiming at the victim by using IP spoofing from legitimate hosts. There have been several approaches, such as static threshold based approach and confirmation-based approach, focusing on DRDoS attack detection at victim's side. However, these approaches have significant disadvantages: (1) they are only passive defences after the attack and (2) it is hard to trace back the attackers. To address this problem, considerable attention has been paid to the study of detecting DRDoS attack at source side. Because the existing proposals following this direction are supposed to be ineffective to deal with small volume of attack traffic, there is still a room for improvement. In this paper, we propose a novel method to detect DRDoS attack request traffic on SDN(Software Defined Network)-enabled gateways in the source side of attack traffic. Our method adjusts the sampling rate and provides a traffic-aware adaptive threshold along with the margin based on analysing observed traffic behind gateways. Experimental results show that the proposed method is a promising solution to detect DRDoS attack request in the source side.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2018EDL8020/_p
Copy
@ARTICLE{e101-d_6_1686,
author={Sinh-Ngoc NGUYEN, Van-Quyet NGUYEN, Giang-Truong NGUYEN, JeongNyeo KIM, Kyungbaek KIM, },
journal={IEICE TRANSACTIONS on Information},
title={Source-Side Detection of DRDoS Attack Request with Traffic-Aware Adaptive Threshold},
year={2018},
volume={E101-D},
number={6},
pages={1686-1690},
abstract={Distributed Reflective Denial of Services (DRDoS) attacks have gained huge popularity and become a major factor in a number of massive cyber-attacks. Usually, the attackers launch this kind of attack with small volume of requests to generate a large volume of attack traffic aiming at the victim by using IP spoofing from legitimate hosts. There have been several approaches, such as static threshold based approach and confirmation-based approach, focusing on DRDoS attack detection at victim's side. However, these approaches have significant disadvantages: (1) they are only passive defences after the attack and (2) it is hard to trace back the attackers. To address this problem, considerable attention has been paid to the study of detecting DRDoS attack at source side. Because the existing proposals following this direction are supposed to be ineffective to deal with small volume of attack traffic, there is still a room for improvement. In this paper, we propose a novel method to detect DRDoS attack request traffic on SDN(Software Defined Network)-enabled gateways in the source side of attack traffic. Our method adjusts the sampling rate and provides a traffic-aware adaptive threshold along with the margin based on analysing observed traffic behind gateways. Experimental results show that the proposed method is a promising solution to detect DRDoS attack request in the source side.},
keywords={},
doi={10.1587/transinf.2018EDL8020},
ISSN={1745-1361},
month={June},}
Copy
TY - JOUR
TI - Source-Side Detection of DRDoS Attack Request with Traffic-Aware Adaptive Threshold
T2 - IEICE TRANSACTIONS on Information
SP - 1686
EP - 1690
AU - Sinh-Ngoc NGUYEN
AU - Van-Quyet NGUYEN
AU - Giang-Truong NGUYEN
AU - JeongNyeo KIM
AU - Kyungbaek KIM
PY - 2018
DO - 10.1587/transinf.2018EDL8020
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E101-D
IS - 6
JA - IEICE TRANSACTIONS on Information
Y1 - June 2018
AB - Distributed Reflective Denial of Services (DRDoS) attacks have gained huge popularity and become a major factor in a number of massive cyber-attacks. Usually, the attackers launch this kind of attack with small volume of requests to generate a large volume of attack traffic aiming at the victim by using IP spoofing from legitimate hosts. There have been several approaches, such as static threshold based approach and confirmation-based approach, focusing on DRDoS attack detection at victim's side. However, these approaches have significant disadvantages: (1) they are only passive defences after the attack and (2) it is hard to trace back the attackers. To address this problem, considerable attention has been paid to the study of detecting DRDoS attack at source side. Because the existing proposals following this direction are supposed to be ineffective to deal with small volume of attack traffic, there is still a room for improvement. In this paper, we propose a novel method to detect DRDoS attack request traffic on SDN(Software Defined Network)-enabled gateways in the source side of attack traffic. Our method adjusts the sampling rate and provides a traffic-aware adaptive threshold along with the margin based on analysing observed traffic behind gateways. Experimental results show that the proposed method is a promising solution to detect DRDoS attack request in the source side.
ER -