Traceroute-based target link flooding attack detection scheme by analyzing hop count to the destination

Kei Sakuma, Hiromu Asahina, Shuichiro Haruta, Iwao Sasase

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Recently, the detection of target link flooding attack which is a new type of DDoS (Distributed Denial of Service) is required. Target link flooding attack is used for disconnecting a specific area from the Internet. It is more difficult to detect and mitigate this attack than legacy DDoS since attacking flows do not reach the target region. Among several schemes for target link flooding attack, the scheme focusing on traceroute is gathering attention. The idea behind that is the attacker needs to send traceroute to investigate the topology around targeted region before attack starts. That scheme detects the attack by finding rapid increase of traceroute. However, it cannot work when attacker's traceroute ratio is low. In this paper, we propose traceroute-based target link flooding attack detection scheme by analyzing hop count to the destination. Since the attacker must choose the link flooded to disconnect the target area, the destinations of attacker's traceroutes are concentrated within several hops from the target link while legitimate user's ones are distributed uniformly. By analyzing the number of traceroutes as per hop counts, the change can be emphasized and the attack symptom might be more easily captured. By computer simulations, we first prove the above hypotheses and show that our scheme has more robustness compared with the conventional scheme.

Original languageEnglish
Title of host publication2017 23rd Asia-Pacific Conference on Communications
Subtitle of host publicationBridging the Metropolitan and the Remote, APCC 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1-6
Number of pages6
Volume2018-January
ISBN (Electronic)9781740523905
DOIs
Publication statusPublished - 2018 Feb 27
Event23rd Asia-Pacific Conference on Communications, APCC 2017 - Perth, Australia
Duration: 2017 Dec 112017 Dec 13

Other

Other23rd Asia-Pacific Conference on Communications, APCC 2017
CountryAustralia
CityPerth
Period17/12/1117/12/13

    Fingerprint

Keywords

  • Detection
  • Network security
  • Target link flooding attack

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Signal Processing

Cite this

Sakuma, K., Asahina, H., Haruta, S., & Sasase, I. (2018). Traceroute-based target link flooding attack detection scheme by analyzing hop count to the destination. In 2017 23rd Asia-Pacific Conference on Communications: Bridging the Metropolitan and the Remote, APCC 2017 (Vol. 2018-January, pp. 1-6). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.23919/APCC.2017.8304023