Publication Type
Journal Article
Version
publishedVersion
Publication Date
3-2024
Abstract
Distributed Denial of Service (DDoS) defense is a profound research problem. In recent years, adversaries have tended to complicate their attack strategies by crafting a vast number of DDoS variants. On the one hand, this trend exacerbates both extremes of classification granularity (i.e., binary and attack level) in existing machine learning methods. On the other hand, the massive number of attack categories makes the filter rule table bulky and causes the slow-reaction problem seen in the recent state-of-the-art DDoS mitigation system. Therefore, we propose the concept of a DDoS family to cope with these issues. The specific technical roadmap includes traffic pattern characterization, attack fingerprint production, and cross-executed family partition by community detection. Through extensive evaluations, we demonstrate the benefits of the proposal in terms of portraying similarities, guiding model classification and unknown attack detection, optimizing defense strategies, and speeding up filtering reactions. For instance, our results show that a single rule can defend against 15 types of attacks because of their homogeneous behavioral representation. In particular, we make the interesting observation that counting backward packets is more efficient and robust against some attacks (e.g., Tor's Hammer Attack), which is very different from previous solutions.
Keywords
Backward packet statistics, Community detection, DDoS attack family, Defense strategy, Traffic fingerprint construction
Discipline
Information Security
Research Areas
Cybersecurity
Publication
Computers and Security
Volume
138
First Page
1
Last Page
14
ISSN
0167-4048
Identifier
10.1016/j.cose.2023.103663
Publisher
Elsevier
Citation
ZHAO, Ziming; LI, Zhaoxuan; ZHOU, Zhihao; YU, Jiongchi; SONG, Zhuoxue; XIE, Xiaofei; ZHANG, Fan; and ZHANG, Rui.
DDoS family: A novel perspective for massive types of DDoS attacks. (2024). Computers and Security. 138, 1-14.
Available at: https://ink.library.smu.edu.sg/sis_research/8562
Copyright Owner and License
Publisher
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1016/j.cose.2023.103663