Understanding the Behaviors of BGP-based DDoS Protection Services

  • Conference paper
Network and System Security (NSS 2018)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11058)

Abstract

Distributed Denial of Service (DDoS) attacks have been one of the biggest challenges faced by the Internet for decades. Recently, DDoS protection services (DPS) have emerged to mitigate large-scale DDoS attacks by diverting the vast volume of malicious traffic aimed at victims to networks that can afford it. One common approach is to reroute the traffic by changing BGP policies, which may cause abnormal BGP routing dynamics. However, little is known about such behaviors and their consequences. To fill this gap, in this paper we conduct the first study of the behaviors of BGP-based DPS in two steps. First, we propose a machine-learning-based approach to identify DDoS events, because data for characterizing real DDoS events is usually lacking. Second, we design a new algorithm to analyze the behavior of DPS against typical DDoS attacks. In a case study of real DDoS attacks, we carefully analyze the policies used to mitigate the attacks and obtain several meaningful findings. This research sheds light on the design of effective DDoS attack mitigation schemes.

Acknowledgment

The research presented in this paper is supported in part by National Natural Science Foundation (No. 61602370, 61672026, 61772411, U1736205), Postdoctoral Foundation (No. 201659M2806, 2018T111066), Fundamental Research Funds for the Central Universities (No. 1191320006), Shaanxi Postdoctoral Foundation, Project JCYJ20170816100819428 supported by SZSTI, CCF-Tencent Open Fund WeBank Special Funding (No. CCF-Webank RAGR20180101), CCF-NSFOCUS KunPeng Research Fund (No. CCF-NSFOCUS 2018006).

Corresponding author

Correspondence to Chenxu Wang.

Copyright information

© 2018 Springer Nature Switzerland AG

Cite this paper

Tung, T.M., Wang, C., Wang, J. (2018). Understanding the Behaviors of BGP-based DDoS Protection Services. In: Au, M., et al. Network and System Security. NSS 2018. Lecture Notes in Computer Science, vol 11058. Springer, Cham. https://doi.org/10.1007/978-3-030-02744-5_34

  • DOI: https://doi.org/10.1007/978-3-030-02744-5_34

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02743-8

  • Online ISBN: 978-3-030-02744-5

  • eBook Packages: Computer Science (R0)