Detecting amplification attacks with Software Defined Networking

Chih Chieh Chen*, Yi Ren Chen, Wei Chih Lu, Shi-Chun Tsai, Ming Chuan Yang

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

26 Scopus citations

Abstract

Distributed denial of service (DDoS) is an attack that attempts to disrupt network service for various malicious purposes. It makes use of public services as reflectors to amplify the traffic, and is thus called a distributed reflection denial of service (DRDoS) attack. This type of attack forges the source IP address, which makes it hard to filter the problematic packets. With Software Defined Networking (SDN) and machine learning techniques, we implement a system to detect DRDoS packets and block the amplification attacks automatically. DNS and NTP amplification are two typical DDoS attacks. By analyzing the traffic features, although our classifier is trained only for the DNS amplification attack, our system can identify and then block both DNS and NTP amplification attacks with great accuracy.

Original language: English
Title of host publication: 2017 IEEE Conference on Dependable and Secure Computing
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 195-201
Number of pages: 7
ISBN (Electronic): 9781509055692
State: Published - 18 Oct 2017
Event: 2017 IEEE Conference on Dependable and Secure Computing - Taipei, Taiwan
Duration: 7 Aug 2017 - 10 Aug 2017

Publication series

Name: 2017 IEEE Conference on Dependable and Secure Computing

Conference

Conference: 2017 IEEE Conference on Dependable and Secure Computing
Country/Territory: Taiwan
City: Taipei
Period: 7/08/17 - 10/08/17
