TY - GEN
T1 - Traceroute-based target link flooding attack detection scheme by analyzing hop count to the destination
AU - Sakuma, Kei
AU - Asahina, Hiromu
AU - Haruta, Shuichiro
AU - Sasase, Iwao
N1 - Funding Information:
This work is partly supported by the Grant in Aid for Scientific Research (No.17K06440) from Japan Society for Promotion of Science (JSPS).
Publisher Copyright:
© 2017 University of Western Australia.
PY - 2018/2/27
Y1 - 2018/2/27
N2 - Recently, detection of the target link flooding attack, a new type of DDoS (Distributed Denial of Service) attack, has become necessary. A target link flooding attack is used to disconnect a specific area from the Internet. It is more difficult to detect and mitigate than legacy DDoS because the attacking flows do not reach the target region. Among the several schemes for target link flooding attacks, the scheme focusing on traceroute is gaining attention. The idea behind it is that the attacker needs to send traceroutes to investigate the topology around the targeted region before the attack starts. That scheme detects the attack by finding a rapid increase in traceroutes. However, it does not work when the attacker's traceroute ratio is low. In this paper, we propose a traceroute-based target link flooding attack detection scheme that analyzes the hop count to the destination. Since the attacker must choose the link to flood in order to disconnect the target area, the destinations of the attacker's traceroutes are concentrated within several hops of the target link, while those of legitimate users are distributed uniformly. By analyzing the number of traceroutes per hop count, the change can be emphasized and the attack symptom might be more easily captured. Through computer simulations, we first prove the above hypotheses and then show that our scheme is more robust than the conventional scheme.
KW - Detection
KW - Network security
KW - Target link flooding attack
UR - http://www.scopus.com/inward/record.url?scp=85050628535&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85050628535&partnerID=8YFLogxK
U2 - 10.23919/APCC.2017.8304023
DO - 10.23919/APCC.2017.8304023
M3 - Conference contribution
AN - SCOPUS:85050628535
T3 - 2017 23rd Asia-Pacific Conference on Communications: Bridging the Metropolitan and the Remote, APCC 2017
SP - 1
EP - 6
BT - 2017 23rd Asia-Pacific Conference on Communications
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 23rd Asia-Pacific Conference on Communications, APCC 2017
Y2 - 11 December 2017 through 13 December 2017
ER -