You are viewing a javascript disabled version of the site. Please enable Javascript for this site to function properly.
Go to headerGo to navigationGo to searchGo to contentsGo to footer
In content section. Select this link to jump to navigation

An efficient algorithm to detect DDoS amplification attacks

Issue title: Special section: Recent trends, Challenges and Applications in Cognitive Computing for Intelligent Systems

Guest editors: Vijayakumar Varadarajan, Piet Kommers, Vincenzo Piuri and V. Subramaniyaswamy

Article type: Research Article

Authors: Quadir, Md Abdula; * | Christy Jackson, J.a | Prassanna, J.a | Sathyarajasekaran, K.a | Kumar, K.b | Sabireen, H.a | Ubarhande, Shivama | Vijaya Kumar, V.c

Affiliations: [a] School of Computer Science and Engineering, Vellore Institute of Technology, Chennai, India | [b] Center for Industry and International Studies, Vellore Institute of Technology, Vellore, India | [c] School of Computer Science and Engineering, University of New South Wales, Sydney, Australia

Correspondence: [*] Corresponding author. Md Abdul Quadir, School of Computer Science and Engineering, Vellore Institute of Technology, Chennai, India. Tel.: +91 9884004139; E-mail: abdulquadir.md@vit.ac.in.

Abstract: Domain name system (DNS) plays a critical part in the functioning of the Internet. But since DNS queries are sent using UDP, it is vulnerable to Distributed Denial of Service (DDoS) attacks. The attacker can take advantage of this and spoof the source IP address and direct the response towards the victim network. And since the network does not keep track of the number of requests going out and responses coming in, the attacker can flood the network with these unwanted DNS responses. Along with DNS, other protocols are also exploited to perform DDoS. Usage of Network Time Protocol (NTP) is to synchronize clocks on systems. Its monlist command replies with 600 entries of previous traffic records. This response is enormous compared to the request. This functionality is used by the attacker in DDoS. Since these attacks can cause colossal congestion, it is crucial to prevent or mitigate these types of attacks. It is obligatory to discover a way to drop the spoofed packets while entering the network to mitigate this type of attack. Intelligent cybersecurity systems are designed for the detection of these attacks. An Intelligent system has AI and ML algorithms to achieve its function. This paper discusses such intelligent method to detect the attack server from legitimate traffic. This method uses an algorithm that gets activated by excess traffic in the network. The excess traffic is determined by the speed or rate of the requests and responses and their ratio. The algorithm extracts the IP addresses of servers and detects which server is sending more packets than requested or which are not requested. This server can be later blocked using a firewall or Access Control List (ACL).

Keywords: Amplification attacks, DRDoS, domain name system, network time protocol

DOI: 10.3233/JIFS-189173

Journal: Journal of Intelligent & Fuzzy Systems, vol. 39, no. 6, pp. 8565-8572, 2020

Published: 04 December 2020
Price: EUR 27.50
Show more