An SDN-based Approach For Defending Against Reflective DDoS Attacks

Distributed Reflective Denial of Service (DRDoS) attacks are an immanent threat to Internet services. The potential scale of such attacks became apparent in March 2018 when a memcached-based attack peaked at 1.7 Tbps. Novel services built upon UDP increase the need for automated mitigation mechanism...

Full description

Saved in:
Bibliographic Details
Published in2018 IEEE 43rd Conference on Local Computer Networks (LCN) pp. 299 - 302
Main Authors Lukaseder, Thomas, StOlzle, Kevin, Kleber, Stephan, Erb, Benjamin, Kargl, Frank
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.10.2018
Subjects
Computer crime
Data collection
DDoS mitigation
IP networks
Monitoring
network-based mitigation
Protocols
reflective DDoS attacks
Servers
software-defined networking
Task analysis
Online AccessGet full text
DOI10.1109/LCN.2018.8638036

Cover

More Information
Summary:Distributed Reflective Denial of Service (DRDoS) attacks are an immanent threat to Internet services. The potential scale of such attacks became apparent in March 2018 when a memcached-based attack peaked at 1.7 Tbps. Novel services built upon UDP increase the need for automated mitigation mechanisms that react to attacks without prior knowledge of the actual application protocols used. With the flexibility that software-defined networks offer, we developed a new approach for defending against DRDoS attacks; it not only protects against arbitrary DRDoS attacks but is also transparent for the attack target and can be used without assistance of the target host operator. The approach provides a robust mitigation system which is protocol-agnostic and effective in the defense against DRDoS attacks.
DOI:10.1109/LCN.2018.8638036