Traceroute-based target link flooding attack detection scheme by analyzing hop count to the destination

Kei Sakuma, Hiromu Asahina, Shuichiro Haruta, Iwao Sasase

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)


Recently, the detection of target link flooding attack which is a new type of DDoS (Distributed Denial of Service) is required. Target link flooding attack is used for disconnecting a specific area from the Internet. It is more difficult to detect and mitigate this attack than legacy DDoS since attacking flows do not reach the target region. Among several schemes for target link flooding attack, the scheme focusing on traceroute is gathering attention. The idea behind that is the attacker needs to send traceroute to investigate the topology around targeted region before attack starts. That scheme detects the attack by finding rapid increase of traceroute. However, it cannot work when attacker's traceroute ratio is low. In this paper, we propose traceroute-based target link flooding attack detection scheme by analyzing hop count to the destination. Since the attacker must choose the link flooded to disconnect the target area, the destinations of attacker's traceroutes are concentrated within several hops from the target link while legitimate user's ones are distributed uniformly. By analyzing the number of traceroutes as per hop counts, the change can be emphasized and the attack symptom might be more easily captured. By computer simulations, we first prove the above hypotheses and show that our scheme has more robustness compared with the conventional scheme.

Original languageEnglish
Title of host publication2017 23rd Asia-Pacific Conference on Communications
Subtitle of host publicationBridging the Metropolitan and the Remote, APCC 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Number of pages6
ISBN (Electronic)9781740523905
Publication statusPublished - 2018 Feb 27
Event23rd Asia-Pacific Conference on Communications, APCC 2017 - Perth, Australia
Duration: 2017 Dec 112017 Dec 13


Other23rd Asia-Pacific Conference on Communications, APCC 2017


  • Detection
  • Network security
  • Target link flooding attack

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Signal Processing

Fingerprint Dive into the research topics of 'Traceroute-based target link flooding attack detection scheme by analyzing hop count to the destination'. Together they form a unique fingerprint.

Cite this