Abstract
Amplification attacks, a new kind of DDoS attack, are more destructive than traditional DDoS attacks. Under the existing Internet architecture, it is difficult to find effective measures against them. In this paper, we propose a two-phase reference detecting scheme that utilizes Software Defined Infrastructure capabilities: the switch side is volume-based and the controller side is feature-based. Unlike most existing strategies, the proposed scheme is protocol-independent and lightweight. It can also detect amplification attacks in the request phase at a small cost, before these attacks cause actual harm. Based on this architecture, we design detection algorithms and a prototype system. Experimental results with both online and offline data sets show that the detection scheme is effective and efficient.
Acknowledgements
The research is supported by the National Natural Science Foundation of China under Grant 61625203 and the National Key R&D Program of China under Grant 2016YFC0901605.
Copyright information
© 2018 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Liu, Z., Xu, M., Cao, J., Li, Q. (2018). TSA: A Two-Phase Scheme Against Amplification DDoS Attack in SDN. In: Zhu, L., Zhong, S. (eds) Mobile Ad-hoc and Sensor Networks. MSN 2017. Communications in Computer and Information Science, vol 747. Springer, Singapore. https://doi.org/10.1007/978-981-10-8890-2_37
DOI: https://doi.org/10.1007/978-981-10-8890-2_37
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-8889-6
Online ISBN: 978-981-10-8890-2
eBook Packages: Computer Science, Computer Science (R0)