Detecting amplification attacks with Software Defined Networking

Authors: Chih-Chieh Chen, Yi-Ren Chen, Wei-Chih Lu, Shi-Chun Tsai, Ming-Chuan Yang

DOI: 10.1109/DESEC.2017.8073807

Keywords: Network packet, Denial-of-service attack, Application layer DDoS attack, Computer security, IP address, Classifier (UML), Engineering, Computer network, Software-defined networking, Network service

Abstract: Distributed denial of service (DDoS) is an attack that attempts to disrupt a network for various malicious purposes. It makes use of public services as reflectors to amplify the traffic, and is thus called a distributed reflection attack. This type of attack forges the source IP address, so it is hard to filter the problematic packets. With Software Defined Networking (SDN) and machine learning techniques, we implement a system to detect DRDoS packets and block amplification attacks automatically. DNS and NTP amplifications are two typical DDoS attacks. By analyzing traffic features, although our classifier is trained on only one attack, it can identify them both with great accuracy.
