Traceback DRDoS Attacks

摘要

At present, researchers have already proposed many methods for tracing DoS or DDoS attack, but few attention is put on DRDoS (Distributed Reflector Denial of Service) traceback. In DRDoS, the slaves hide behind the innocent reflectors, which makes the general DoS or DDoS traceback methods be hard to apply to DRDoS traceback. In this paper, we propose a collaborative traceback method-ADPM (Authenticated Deterministic Packet Marking) to trace DRDoS attack. In ADPM, routers mark request packets, log request packets' mark information and add corresponding logging to response packets, so victims can locate slaves when suffered DRDoS attack. Analysis and simulation results show that ADPM has the following advantages: requires small memory to logs the mark information; be able to resist forging mark information; can be deployed conveniently and incrementally; both the false positive and the number of packets needed for path reconstruction are small.