An SDN-based Approach For Defending Against Reflective DDoS Attacks

Distributed Reflective Denial of Service (DRDoS) attacks are an immanent threat to Internet services. The potential scale of such attacks became apparent in March 2018 when a memcached-based attack peaked at 1.7 Tbps. Novel services built upon UDP increase the need for automated mitigation mechanisms that react to attacks without prior knowledge of the actual application protocols used. With the flexibility that software-defined networks offer, we developed a new approach for defending against DRDoS attacks; it not only protects against arbitrary DRDoS attacks but is also transparent for the attack target and can be used without assistance of the target host operator. The approach provides a robust mitigation system which is protocol-agnostic and effective in the defense against DRDoS attacks

An Artificial Intelligence (AI) Framework for Detection of Distributed Reflection Denial of Service Attacks

In the contemporary digital world, cyber space is growing continuously witnessing amalgamation of different technologies associated with telecommunications, networking and sensing to mention few. This has enabled Service Oriented Architecture (SOA) to realize distributed applications that cater to the needs of enterprises in the real world. With the advantages of such environments, there has been increased number of instances of cyber-attacks. Distributed Denial of Service (DDoS) is the large-scale attack targeting critical digital infrastructure to make it useless for certain amount of time. Such attacks have several implications and lead to collapse of businesses unless there are countermeasures to detect it and handle it properly. Distributed Reflection Denial of Service (DRDoS) is a variant of such attacks which is more destructive in nature. It is more so in the presence of Internet of Things (IoT) devices deployed in cyber space in large scale. The existing DDoS countermeasures do not work to solve the problem of DRDoS directly. We propose an Artificial Intelligence (AI) framework for detection of DRDoS attacks. We propose an algorithm known as Machine Learning based DRDoS Attack Detection (ML-DAD) for effective detection of attacks. The prototype service built in Python monitors such attacks and take necessary steps to defeat it. The empirical results revealed that the proposed framework has superior performance improvement over the stat of the art. The research in this paper leads to new ideas in the area of detection and prevention of DRDoS attacks

Distributed reflection denial of service attack: A critical review

As the world becomes increasingly connected and the number of users grows exponentially and “things” go online, the prospect of cyberspace becoming a significant target for cybercriminals is a reality. Any host or device that is exposed on the internet is a prime target for cyberattacks. A denial-of-service (DoS) attack is accountable for the majority of these cyberattacks. Although various solutions have been proposed by researchers to mitigate this issue, cybercriminals always adapt their attack approach to circumvent countermeasures. One of the modified DoS attacks is known as distributed reflection denial-of-service attack (DRDoS). This type of attack is considered to be a more severe variant of the DoS attack and can be conducted in transmission control protocol (TCP) and user datagram protocol (UDP). However, this attack is not effective in the TCP protocol due to the three-way handshake approach that prevents this type of attack from passing through the network layer to the upper layers in the network stack. On the other hand, UDP is a connectionless protocol, so most of these DRDoS attacks pass through UDP. This study aims to examine and identify the differences between TCP-based and UDP-based DRDoS attacks