Detecting DRDoS attacks by a simple response packet confirmation mechanism

Hiroshi Tsunoda, Kohei Ohta, Atsunori Yamamoto, Nirwan Ansari, Yuji Waizumi, Yoshiaki Nemoto

Research output: Contribution to journalArticlepeer-review

26 Citations (Scopus)

Abstract

In this paper, we propose a simple and robust method to detect Distributed Reflective Denial of Service (DRDoS) attacks. In DRDoS attacks, the victim is bombarded by reflected response packets from legitimate hosts, and thus it is difficult to distinguish attack packets from legitimate packets. We focus on the fact that the types of packets used for DRDoS are limited and predictable. Hence, the proposed method monitors only limited pairs of requests and responses, and confirms the validity of the received response packets based on the request-response relationship. Therefore, the proposed method does not need complicated state management such as the stateful inspection method, and thus the detection mechanism becomes simple. We also analyze the complexity of the proposed method, and show that the proposed method requires low processing cost as compared with the conventional method. Through experiments using a real networking environment, we demonstrate that the proposed method can accurately detect DRDoS packets at a low cost.

Original languageEnglish
Pages (from-to)3299-3306
Number of pages8
JournalComputer Communications
Volume31
Issue number14
DOIs
Publication statusPublished - 2008 Sep 5

Keywords

  • Detection
  • Distributed reflection DoS
  • Response confirmation

ASJC Scopus subject areas

  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Detecting DRDoS attacks by a simple response packet confirmation mechanism'. Together they form a unique fingerprint.

Cite this