DDoS family: A novel perspective for massive types of DDoS attacks

DDoS family: A novel perspective for massive types of DDoS attacks

Distributed Denial of Service (DDoS) defense is a profound research problem. In recent years, adversaries tend to complicate their attack strategies by crafting vast DDoS variants. On the one hand, this trend exacerbates both extremes of classification granularity (i.e., binary and attack level) in...

Full description

Saved in:
Bibliographic Details
Main Authors: ZHAO, Ziming, LI, Zhaoxuan, ZHOU, Zhihao, YU, Jiongchi, SONG, Zhuoxue, XIE, Xiaofei, ZHANG, Fan, ZHANG, Rui
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2024
Subjects:
Backward packet statistics
Community detection
DDoS attack family
Defense strategy
Traffic fingerprint construction
Information Security
Online Access:https://ink.library.smu.edu.sg/sis_research/8562
https://ink.library.smu.edu.sg/context/sis_research/article/9565/viewcontent/COSE24_pv.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:Distributed Denial of Service (DDoS) defense is a profound research problem. In recent years, adversaries tend to complicate their attack strategies by crafting vast DDoS variants. On the one hand, this trend exacerbates both extremes of classification granularity (i.e., binary and attack level) in existing machine learning methods. On the other hand, massive attack categories make the filter rule table bulky, as well as cause problems of slow reaction presented in the recent state-of-the-art DDoS mitigation system. Therefore, we propose the concept of a DDoS family to reconcile/cope with these issues. The specific technical roadmap includes traffic pattern characterization, attack fingerprint production, and cross-executed family partition by community detection. Through extensive evaluations, we demonstrate the benefits of the proposal in terms of portraying similarities, guiding model classification/unknown attack detection, optimizing defense strategies, and speeding filtering reactions. For instance, our results show that using only one rule can defend 15 types of attacks due to their homogeneous behavioral representation. Particularly, we find the interesting observation that counting the backward packet is more efficient and robust against some attacks (e.g., Tor's Hammer Attack), which is very different from previous solutions.

Similar Items