20,028 research outputs found
An SDN-based Approach For Defending Against Reflective DDoS Attacks
Distributed Reflective Denial of Service (DRDoS) attacks are an immanent
threat to Internet services. The potential scale of such attacks became
apparent in March 2018 when a memcached-based attack peaked at 1.7 Tbps. Novel
services built upon UDP increase the need for automated mitigation mechanisms
that react to attacks without prior knowledge of the actual application
protocols used. With the flexibility that software-defined networks offer, we
developed a new approach for defending against DRDoS attacks; it not only
protects against arbitrary DRDoS attacks but is also transparent for the attack
target and can be used without assistance of the target host operator. The
approach provides a robust mitigation system which is protocol-agnostic and
effective in the defense against DRDoS attacks
Modern DDoS Attacks and Defences -- Survey
Denial of Service (DoS) and Distributed Denial of Service of Service (DDoS)
attacks are commonly used to disrupt network services. Attack techniques are
always improving and due to the structure of the internet and properties of
network protocols it is difficult to keep detection and mitigation techniques
up to date. A lot of research has been conducted in this area which has
demonstrated the difficulty of preventing DDoS attacks altogether, therefore
the primary aim of most research is to maximize quality of service (QoS) for
legitimate users. This survey paper aims to provide a clear summary of DDoS
attacks and focuses on some recently proposed techniques for defence. The
research papers that are analysed in depth primarily focused on the use of
virtual machines (VMs) (HoneyMesh) and network function virtualization (NFV)
(VGuard and VFence).Comment: 6 pages, 6 figure
Characterizing and mitigating the DDoS-as-a-Service phenomenon
Distributed Denial of Service (DDoS) attacks are an increasing threat on the Internet. Until a few years ago, these types of attacks were only launched by people with advanced knowledge of computer networks. However, nowadays the ability to launch attacks have been offered as a service to everyone, even to those without any advanced knowledge. Booters are online tools that offer DDoS-as-a-Service. Some of them advertise, for less than U$ 5, up to 25 Gbps of DDoS traffic, which is more than enough to make most hosts and services on the Internet unavailable. Booters are increasing in popularity and they have shown the success of attacks against third party services, such as government websites; however, there are few mitigation proposals. In addition, existing literature in this area provides only a partial understanding of the threat, for example by analyzing only a few aspects of one specific Booter. In this paper, we propose mitigation solutions against DDoS-as-a-Service that will be achieved after an extensive characterization of Booters. Early results show 59 different Booters, which some of them do not deliver what is offered. This research is still in its initial phase and will contribute to a Ph.D. thesis after four years
- …