Fast target link flooding attack detection scheme by analyzing traceroute packets flow

Takayuki Hirayama, Kentaro Toyoda, Iwao Sasase

研究成果: Conference contribution

24 被引用数 (Scopus)

抄録

Recently, a botnet based DDoS (Distributed Denial of Service) attack, called target link flooding attack, has been reported that cuts off specific links over the Internet and disconnects a specific region from other regions. Detecting or mitigating the target link flooding attack is more difficult than legacy DDoS attack techniques, since attacking flows do not reach the target region. Although many mitigation schemes are proposed, they detect the attack after it occurs. In this paper, we propose a fast target link flooding attack detection scheme by leveraging the fact that the traceroute packets are increased before the attack caused by the attacker's reconnaissance. Moreover, by analyzing the characteristic of the target link flooding attack that the number of traceroute packets simultaneously increases in various regions over the network, we propose a detection scheme with multiple detection servers to eliminate false alarms caused by sudden increase of traceroute packets sent by legitimate users. We show the effectiveness of our scheme by computer simulations.

本文言語English
ホスト出版物のタイトル2015 IEEE International Workshop on Information Forensics and Security, WIFS 2015 - Proceedings
出版社Institute of Electrical and Electronics Engineers Inc.
ISBN(印刷版)9781467368025
DOI
出版ステータスPublished - 2015 12月 29
イベントIEEE International Workshop on Information Forensics and Security, WIFS 2015 - Rome, Italy
継続期間: 2015 11月 162015 11月 19

Other

OtherIEEE International Workshop on Information Forensics and Security, WIFS 2015
国/地域Italy
CityRome
Period15/11/1615/11/19

ASJC Scopus subject areas

  • コンピュータ サイエンスの応用
  • 情報システム
  • コンピュータ ネットワークおよび通信

フィンガープリント

「Fast target link flooding attack detection scheme by analyzing traceroute packets flow」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル