Practical Approaches to the DRDoS Attack Detection based on Netflow Analysis

Kim, Jungtae; Kim, Ik-Kyun; Kang, Koohong

Home // INTERNET 2016, The Eighth International Conference on Evolving Internet // View article

Practical Approaches to the DRDoS Attack Detection based on Netflow Analysis

Authors:
Jungtae Kim
Ik-Kyun Kim
Koohong Kang

Keywords: DDoS, Reflection DoS, Netflow, Connection Traceback

Abstract:
The paper proposes a practical method of detecting the Distributed Reflection Denial-of-Service Attack (DRDoS) in the Internet with the policy based routing and load balancing applied. To do so, the detection algorithm is provided separately accordingly to the underlying network infrastructure such as routing symmetry or asymmetry. Finally, it provides a practical way of detecting the reflection attacker, which connects the reflectors to command or trigger the IP Spoofed DNS (Domain Name Service)/NTP (Network Time Protocol) requests, by analyzing the connection information available on the Netflow enabled Routers.

Pages: 20 to 25

Copyright: Copyright (c) IARIA, 2016

Publication date: November 13, 2016

Published in: conference

ISSN: 2308-443X

ISBN: 978-1-61208-516-6

Location: Barcelona, Spain

Dates: from November 13, 2016 to November 17, 2016