A reversible sketch-based method for detecting and mitigating amplification attacks

Research output: Contribution to journalArticleScientificpeer-review

Researchers

Research units

  • Xidian University
  • Xi'an Jiaotong University
  • University of Alberta

Abstract

Amplification attacks bring serious threats to network security due to their characteristics of anonymity and amplification. How to detect amplification attacks attracts more and more attention. However, as the age of networking for big data is coming, traditional amplification attack detection methods become inefficient due to the impact of big-volume network traffic that swamp significant signals of attacks. The premise of accurate effective attack detection is efficiently processing big-volume traffic. In this paper, we propose a meaningful work that applies sketch technique to detect and mitigate amplification attacks. This step enables the detection method to handle big-volume network traffic. We use a Chinese Reminder Theorem based Reversible Sketch to directly collect network traffic and then monitor the abrupt changes in one-to-one mapping between request packets and response packets to identify amplification attack traffic. The detection mechanism is robust and efficient since it does not need to record complicated traffic features and makes full use of the basic characteristic of amplification attacks. We examine the performance of our method through a series of experiments conducted on simulation and real world traffic. The results denote that the method can accurately detect and mitigate amplification attacks.

Details

Original languageEnglish
Pages (from-to)15-24
Number of pages10
JournalJournal of Network and Computer Applications
Volume142
Publication statusPublished - 15 Sep 2019
MoE publication typeA1 Journal article-refereed

    Research areas

  • Amplification attacks, Bloom filter, Chinese remainder theorem, Network security, Reversible sketch

ID: 34949134