Computer Science, 2024, Vol. 51, Issue (8): 412-419. doi: 10.11896/jsjkx.230500227

• Information Security •

New Type of UDP Reflection Amplification Protocol Recognition Method Based on Active-Passive Combination

CHEN Hongwei, YIN Xiaokang, GAI Xianzhe, JIA Fan, LIU Shengli, CAI Ruijie   

  1. Information Engineering University, Zhengzhou 450001, China
  • Received: 2023-05-30  Revised: 2023-10-16  Online: 2024-08-15  Published: 2024-08-13
  • About author: CHEN Hongwei, born in 1995, postgraduate. His main research interests include network device security and network attack detection.
    CAI Ruijie, born in 1990, Ph.D. candidate, lecturer. His main research interests include network security, binary code analysis and vulnerability discovery.

Abstract: Reflection amplification attacks have gradually become a mainstream DDoS attack method because of their high traffic-multiplying ability and resistance to traceback. In recent years, new UDP reflection amplification attack methods, represented by Internet of Things protocols such as OpenVPN, have emerged constantly, showing a trend toward multi-protocol combined reflection amplification. However, current UDP reflection amplification detection methods have problems such as inaccurate detection results and insufficient detection efficiency. To improve UDP reflection amplification detection capability, a new type of UDP reflection amplification protocol recognition method based on active-passive combination is proposed. Firstly, traffic of known Internet of Things reflection amplification protocols is obtained through active detection and used as the experimental dataset. Secondly, during automatic traffic analysis, dual-threshold determination and multivariate feature matching are used to capture unknown reflection amplification protocols and their trigger modes. Finally, the authenticity of each candidate is verified through replay. Experimental results show that this method can effectively detect reflection amplification traffic targeting UDP protocols, with a precision of 99.88%. The potential reflection amplification ability of the QUIC protocol has been discovered, effectively improving the protection ability against reflection amplification attacks.
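The dual-threshold determination and multivariate feature matching step described in the abstract, as an added illustrative example in Python that is not the paper's own code: it works offline over constructed request/response records for a hypothetical UDP service on port 5999, computes the bandwidth amplification factor (BAF) and packet amplification factor (PAF) of each exchange, keeps only exchanges that exceed both thresholds, and then groups the survivors by (port, request prefix) so that a trigger is reported only when more than one client has elicited the amplified answer. The threshold values, the minimum-client corroboration rule, the record layout and every sample record are assumptions; the paper's final replay verification step is not modelled.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class UdpExchange:
    """One request/response exchange observed between a client and a UDP service.

    `trigger` holds the leading bytes of the request payload; it is the candidate
    "trigger mode" that the screening tries to associate with amplified answers.
    (Record layout is an assumption made for this example.)
    """
    client: str
    server: str
    port: int
    req_bytes: int
    req_pkts: int
    resp_bytes: int
    resp_pkts: int
    trigger: bytes


# Constructed sample records for a hypothetical service on UDP/5999 (not real captures).
SAMPLE_EXCHANGES = [
    # ordinary small query with a small answer: no amplification
    UdpExchange("10.0.0.5", "203.0.113.10", 5999, 40, 1, 44, 1, b"\x01TIME"),
    # a different request type answered with a 10-packet burst, seen from two clients
    UdpExchange("10.0.0.5", "203.0.113.10", 5999, 8, 1, 4400, 10, b"\x01LIST"),
    UdpExchange("10.0.0.7", "203.0.113.10", 5999, 8, 1, 4280, 10, b"\x01LIST"),
    # large answer but a single packet: passes the byte threshold, fails the packet threshold
    UdpExchange("10.0.0.9", "203.0.113.20", 5999, 30, 1, 1500, 1, b"\x01STAT"),
    # amplified answer observed from one client only: not enough corroboration
    UdpExchange("10.0.0.9", "203.0.113.20", 5999, 8, 1, 2000, 5, b"\x01DUMP"),
]


def amplification_factors(ex: UdpExchange) -> tuple[float, float]:
    """Return (BAF, PAF): response/request ratio in bytes and in packets."""
    baf = ex.resp_bytes / ex.req_bytes if ex.req_bytes else 0.0
    paf = ex.resp_pkts / ex.req_pkts if ex.req_pkts else 0.0
    return baf, paf


def find_candidates(exchanges, baf_threshold=10.0, paf_threshold=2.0, min_clients=2):
    """Dual-threshold screening followed by multivariate matching.

    Stage 1 keeps an exchange only if BOTH its BAF and its PAF reach the thresholds,
    so a single large datagram does not count as amplification on its own.
    Stage 2 groups survivors by (port, trigger) and requires the same trigger to have
    produced amplified answers for at least `min_clients` distinct clients.
    Threshold values and the corroboration rule are assumptions for this example.
    """
    groups = defaultdict(list)
    for ex in exchanges:
        baf, paf = amplification_factors(ex)
        if baf >= baf_threshold and paf >= paf_threshold:
            groups[(ex.port, ex.trigger)].append((ex, baf, paf))

    candidates = []
    for (port, trigger), hits in groups.items():
        clients = {hit[0].client for hit in hits}
        if len(clients) < min_clients:
            continue
        candidates.append({
            "port": port,
            "trigger": trigger,
            "servers": sorted({hit[0].server for hit in hits}),
            "clients": len(clients),
            "exchanges": len(hits),
            "mean_baf": sum(hit[1] for hit in hits) / len(hits),
            "mean_paf": sum(hit[2] for hit in hits) / len(hits),
        })
    # strongest amplification first
    return sorted(candidates, key=lambda c: c["mean_baf"], reverse=True)


if __name__ == "__main__":
    for cand in find_candidates(SAMPLE_EXCHANGES):
        print(f"port {cand['port']} trigger {cand['trigger']!r}: "
              f"BAF {cand['mean_baf']:.1f}, PAF {cand['mean_paf']:.1f}, "
              f"{cand['clients']} clients, servers {cand['servers']}")
```

On the sample data only the `\x01LIST` request survives both stages; `\x01STAT` is dropped by the packet threshold and `\x01DUMP` by the corroboration rule. Lowering `min_clients` to 1 surfaces `\x01DUMP` as well, which is the trade-off the dual-threshold design makes between recall and false positives before any replay check is run.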

Key words: DDoS attack, UDP reflection amplification, Active-Passive combination, Active detection, Traffic analysis

CLC Number: TP393