Abstract
Recently, a botnet based DDoS (Distributed Denial of Service) attack, called target link flooding attack, has been reported that cuts off specific links over the Internet and disconnects a specific region from other regions. Detecting or mitigating the target link flooding attack is more difficult than legacy DDoS attack techniques, since attacking flows do not reach the target region. Although many mitigation schemes are proposed, they detect the attack after it occurs. In this paper, we propose a fast target link flooding attack detection scheme by leveraging the fact that the traceroute packets are increased before the attack caused by the attacker's reconnaissance. Moreover, by analyzing the characteristic of the target link flooding attack that the number of traceroute packets simultaneously increases in various regions over the network, we propose a detection scheme with multiple detection servers to eliminate false alarms caused by sudden increase of traceroute packets sent by legitimate users. We show the effectiveness of our scheme by computer simulations.
| Original language | English |
|---|---|
| Title of host publication | 2015 IEEE International Workshop on Information Forensics and Security, WIFS 2015 - Proceedings |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| ISBN (Print) | 9781467368025 |
| DOIs | |
| Publication status | Published - 2015 Dec 29 |
| Event | IEEE International Workshop on Information Forensics and Security, WIFS 2015 - Rome, Italy Duration: 2015 Nov 16 → 2015 Nov 19 |
Other
| Other | IEEE International Workshop on Information Forensics and Security, WIFS 2015 |
|---|---|
| Country/Territory | Italy |
| City | Rome |
| Period | 15/11/16 → 15/11/19 |
ASJC Scopus subject areas
- Computer Science Applications
- Information Systems
- Computer Networks and Communications