Abstract
There are too many servers on the Internet that have already been used, or that are vulnerable and could be used, to launch DDoS attacks. Even as awareness increases and organizations begin to lock down those systems, there are plenty of other protocols that can be exploited in their place. One example is the Simple Network Management Protocol (SNMP), a common UDP protocol used for network management. Several types of network devices come with SNMP "on" by default. A request sent to an SNMP server returns a response that is larger than the query that came in.
The main aim of this paper is to investigate the increasing prevalence and destructive power of amplification-based distributed denial of service (DDoS) attacks in order to present a solution based on a profiling methodology. The paper encompasses three aspects: amplification DDoS attacks and the main port used, the profiling methodology as a means of identifying the threat and shaping it, and finally a proposed solution that considers both strategic and technical aspects.
Copyright information
© 2014 IFIP International Federation for Information Processing
About this paper
Cite this paper
Colella, A., Colombini, C.M. (2014). Amplification DDoS Attacks: Emerging Threats and Defense Strategies. In: Teufel, S., Min, T.A., You, I., Weippl, E. (eds) Availability, Reliability, and Security in Information Systems. CD-ARES 2014. Lecture Notes in Computer Science, vol 8708. Springer, Cham. https://doi.org/10.1007/978-3-319-10975-6_24
DOI: https://doi.org/10.1007/978-3-319-10975-6_24
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10974-9
Online ISBN: 978-3-319-10975-6
eBook Packages: Computer Science, Computer Science (R0)