Fast target link flooding attack detection scheme by analyzing traceroute packets flow

Takayuki Hirayama, Kentaro Toyoda, Iwao Sasase

Research output: Chapter in Book/Report/Conference proceedingConference contribution

11 Citations (Scopus)

Abstract

Recently, a botnet based DDoS (Distributed Denial of Service) attack, called target link flooding attack, has been reported that cuts off specific links over the Internet and disconnects a specific region from other regions. Detecting or mitigating the target link flooding attack is more difficult than legacy DDoS attack techniques, since attacking flows do not reach the target region. Although many mitigation schemes are proposed, they detect the attack after it occurs. In this paper, we propose a fast target link flooding attack detection scheme by leveraging the fact that the traceroute packets are increased before the attack caused by the attacker's reconnaissance. Moreover, by analyzing the characteristic of the target link flooding attack that the number of traceroute packets simultaneously increases in various regions over the network, we propose a detection scheme with multiple detection servers to eliminate false alarms caused by sudden increase of traceroute packets sent by legitimate users. We show the effectiveness of our scheme by computer simulations.

Original languageEnglish
Title of host publication2015 IEEE International Workshop on Information Forensics and Security, WIFS 2015 - Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Print)9781467368025
DOIs
Publication statusPublished - 2015 Dec 29
EventIEEE International Workshop on Information Forensics and Security, WIFS 2015 - Rome, Italy
Duration: 2015 Nov 162015 Nov 19

Other

OtherIEEE International Workshop on Information Forensics and Security, WIFS 2015
CountryItaly
CityRome
Period15/11/1615/11/19

ASJC Scopus subject areas

  • Computer Science Applications
  • Information Systems
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Fast target link flooding attack detection scheme by analyzing traceroute packets flow'. Together they form a unique fingerprint.

  • Cite this

    Hirayama, T., Toyoda, K., & Sasase, I. (2015). Fast target link flooding attack detection scheme by analyzing traceroute packets flow. In 2015 IEEE International Workshop on Information Forensics and Security, WIFS 2015 - Proceedings [7368594] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/WIFS.2015.7368594