Computer Science ›› 2022, Vol. 49 ›› Issue (11A): 211000089-5. doi: 10.11896/jsjkx.211000089

• Information Security •

Discovery of Unknown UDP Reflection Amplification Protocol Based on Traffic Analysis

LU Xuan-ting, CAI Rui-jie, LIU Sheng-li   

  1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China
     Information Engineering University, Zhengzhou 450001, China
  • Online: 2022-11-10  Published: 2022-11-21
  • About author: LU Xuan-ting, born in 1992, postgraduate. His main research interests include network device security and network attack detection.
    LIU Sheng-li, born in 1973, Ph.D, professor. His main research interests include network device security and network attack detection.
  • Supported by: National Basic Research Program of China (2019QY1300) and Science & Technology Commission Foundation Strengthening Project (2019-JCJQ-ZD-113).

Abstract: In recent years, the frequency and scale of DDoS attacks have increased, posing great challenges to network security. Among them, UDP reflection amplification attacks have become the method favored by attackers because of their low cost, huge attack traffic, and the difficulty of tracing their source. Most current filtering and defense strategies are derived from post-attack analysis and review, so they respond passively and with a lag to the constant stream of new UDP reflection attacks. This paper proposes a traffic-analysis method for discovering undisclosed protocols with UDP reflection amplification potential. Based on the two fundamental characteristics of magnification and reflectivity, the method selects traffic samples from daily network traffic that exhibit reflective amplification. A replay is then used to verify whether each sample is repeatable, and the qualifying samples are recorded for research on the related service protocols. Finally, a new, previously undisclosed reflection amplification protocol is discovered. A detection program built on this method was tested for accuracy in an experimental environment and for processing rate on the Internet, and it found a variety of reflection amplification protocols, enabling proactive defense against possible reflection amplification attacks.
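The sample-selection step the abstract describes, screening passive traffic for magnification and reflectivity, as an added Python example that is not code from the paper: it pairs each UDP request with the replies it provokes and flags server ports whose bandwidth amplification factor (BAF) reaches a threshold. The 10x threshold, the packet records and the port numbers are assumptions; the paper's replay verification step is not reproduced here.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class UdpPacket:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload_len: int  # UDP payload size in bytes

def find_amplification_candidates(packets, min_baf=10.0):
    """Return {server_port: (baf, paf)} for ports whose bandwidth amplification factor
    (reply bytes / request bytes) reaches min_baf; paf = reply packets / request packets.
    A datagram counts as a reply only if it returns to the (ip, port) that queried the port."""
    requests = defaultdict(lambda: [0, 0])  # (client, cport, server, sport) -> [bytes, pkts]
    replies = defaultdict(lambda: [0, 0])
    for p in packets:
        reverse = (p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if reverse in requests:  # answers an earlier request: reflected traffic
            replies[reverse][0] += p.payload_len
            replies[reverse][1] += 1
        else:  # first packet of an exchange: record it as a request
            key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
            requests[key][0] += p.payload_len
            requests[key][1] += 1
    candidates = {}
    for key, (rbytes, rpkts) in replies.items():
        qbytes, qpkts = requests[key]
        if qbytes == 0:  # empty request payload: BAF undefined, skip the exchange
            continue
        baf, paf = rbytes / qbytes, rpkts / qpkts
        if baf >= min_baf and baf > candidates.get(key[3], (0.0, 0.0))[0]:
            candidates[key[3]] = (round(baf, 1), round(paf, 1))  # worst exchange per port
    return candidates

SAMPLE_TRACE = [  # constructed packets for illustration, not a real capture
    # small DNS-style query on port 53 answered by one large reply
    UdpPacket("10.0.0.5", 40001, "192.0.2.10", 53, 40),
    UdpPacket("192.0.2.10", 53, "10.0.0.5", 40001, 3000),
    # undocumented service on port 9000: one 20-byte request, two 1400-byte replies
    UdpPacket("10.0.0.7", 51000, "192.0.2.20", 9000, 20),
    UdpPacket("192.0.2.20", 9000, "10.0.0.7", 51000, 1400),
    UdpPacket("192.0.2.20", 9000, "10.0.0.7", 51000, 1400),
    # ordinary service on port 5000: reply smaller than request, not amplifying
    UdpPacket("10.0.0.8", 52000, "192.0.2.30", 5000, 500),
    UdpPacket("192.0.2.30", 5000, "10.0.0.8", 52000, 100),
    # unsolicited datagram with no matching request: fails the reflectivity check
    UdpPacket("192.0.2.40", 7000, "10.0.0.9", 53000, 4000),
]
```

Ports that survive this passive screen are the samples the paper then subjects to replay verification; on a real trace the same pairing runs over flow records exported from a capture point.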

Key words: DDoS, UDP reflection amplification attack, Cyber security, Flow detection, Active defense

CLC Number: TP393