Abstract
The proliferation of the Internet of Things (IoT) has led to a rapid increase in SSDP (Simple Service Discovery Protocol) reflection attacks. However, there is very scarce work on defending these attacks, with only some engineering advices on shutting down attacked services. This paper proposes a comprehensive approach to defend SSDP reflection attacks, which is called multi-location defence scheme (MLDS). MLDS operates at multiple places, working throughout the attacking link, starting from attack sources to victims, without prior detecting attacks. Attackers usually utilized bots in a botnet to launch attacks, but bots can act as defenders to carry out defence strategies in our MLDS, which is an unconventional approach to make the defence effective. Finally, we analyzed thoroughly packet traffic situations when deploying MLDS to different defence locations.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Distributed Reflection Denial of Service Attacks. Accessed April
Akamai: SSDP REFLECTION DDOS ATTACK, akamais [state of the internet]/Threat Advisor
Akamai: State of the internet security 4(2) (2017)
Alqahtani, S., Gamble, R.F.: DDoS attacks in service clouds. In: 2015 48th Hawaii International Conference on System Sciences, vol. 1, pp. 5331–5340, January 2015. https://doi.org/10.1109/HICSS.2015.627
Bhuyan, M.H., Bhattacharyya, D., Kalita, J.: An empirical evaluation of information metrics for low-rate and high-rate DDoS attack detection. Pattern Recogn. Lett. 51, 1–7 (2015)
Chen, R., Park, J.M.: Attack diagnosis: throttling distributed denial-of-service attacks close to the attack sources. In: 14th International Conference on Computer Communications and Networks, pp. 275–280. IEEE (2015)
Dietzel, C., Feldmann, A., King, T.: Blackholing at IXPs: on the effectiveness of DDoS mitigation in the wild. In: Karagiannis, T., Dimitropoulos, X. (eds.) PAM 2016. LNCS, vol. 9631, pp. 319–332. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30505-9_24
Douligeris, C., Mitrokotsa, A.: DDoS attacks and defense mechanisms: classification and state-of-the-art. Comput. Netw. 44, 643–666 (2004)
UPnP Forum FROUM: UPnP remote access-connecting two home or small business networks, June 2012
Gilad, Y., Goberman, M., Herzberg, A., Sudkovitch, M.: CDN-on-demand: an affordable DDoS defense via untrusted clouds. In: Network and Distributed System Security Symposium (2016)
Handley, M., Rescorla, E., IAB: Internet denial-of-service considerations. RFC 4732, RFC Editor, January 2006. http://www.ietf.org/rfc/rfc4732.txt
Huistra, D.: Detecting reflection attacks in DNS flows. In: 19th Twente Student Conference on IT, February 2013
Ioannidis, J., Bellovin, S.M.: Implementing pushback: router based defense against DDoS attacks. In: Proceedings of Network and Distributed System Security Symposium (NDSS) (2002)
Javaid, U., Siang, A.K., Aman, M.N., Sikdar, B.: Mitigating IoT device based DDoS attacks using blockchain. In: Conference Paper, June 2018
Kambourakis, G., Moschos, T., Geneiatakis, D., Gritzalis, S.: Detecting DNS amplification attacks. In: Lopez, J., Hämmerli, B.M. (eds.) CRITIS 2007. LNCS, vol. 5141, pp. 185–196. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89173-4_16
Kim, Y., Lau, W.C., Chuah, M.C., Chao, H.J.: PacketScore: a statistics-based packet filtering scheme against distributed denial-of-service attacks. IEEE Trans. Dependable Secure Comput. 3(2), 141–155 (2006)
Lab, K.: DENIAL OF SERVICE: how businesses evaluate the threat of DDoS attacks IT security risks special report series (2014)
Mirkovi, J., Prier, G., Reiher., P.: Source-end DDoS defense. In: Second IEEE International Symposium on Network Computing and Applications, pp. 171–178. NCA, IEEE (2003)
Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and ddos defense mechanisms. Newsl. ACM SIGCOMM Comput. Commun. Rev. 34, 39–53 (2004)
Pack, G., Yoon, J., Collins, E., Estan, C.: On filtering of DDoS attacks based on source address prefixes. In: Securecomm and Workshops, September 2006
Peng, T., Leckie, C., Ramamohanarao, K.: Detecting reflector attacks by sharing beliefs. In: Global Telecommunications Conference, pp. 1358–1362 (2003)
Reading, D.: Report: IoT connected devices leading to rise in SSDP based reflection attacks. Accessed 21 Apr 2015
Rossow, C.: Amplification hell: revisiting network protocols for DDoS abuse. In: Proceedings of NDSS. Internet Society (2014)
Ryba, F.J., Orlinski, M., Wahlisch, M., Rossow, C., Schmidt, T.C.: Amplification and DRDoS attack defense - a survey and new perspectives. arXiv preprint (2015)
Saied, A., Overill, R.E., Radzik, T.: Detection of known and unknown DDoS attacks using artificial neural networks. Neurocomputing 172, 385–393 (2016)
US-CERT: UDP-based amplification attacks (2014)
Wang, X., Reiter, M.K.: Mitigating bandwidth-exhaustion attacks using congestion puzzles. In: 11th ACM Conference on Computer and Communications Security, pp. 257–267 (2004)
Wei, W., Chen, F., Xia, Y., Jin, G.: A rank correlation based detection against distributed reflection DoS attacks. Commun. Lett. 17(1), 173–175 (2013)
Yan, Q., Gong, Q., Yu, F.: Effective software-defined networking controller scheduling method to mitigate DDoS attacks. Electron. Lett. 53(7), 469–471 (2017)
Acknowledgements
This work is supported by the Key Research Program of Shandong Province (No. 2017GGX10140), the Fundamental Research Funds for the Central Universities (19CX05027B, 19CX05003A-11) and the National Natural Science Foundation of China (61702399, 61772291, 61972215).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Liu, X. et al. (2019). A Multi-location Defence Scheme Against SSDP Reflection Attacks in the Internet of Things. In: Ning, H. (eds) Cyberspace Data and Intelligence, and Cyber-Living, Syndrome, and Health. CyberDI CyberLife 2019 2019. Communications in Computer and Information Science, vol 1137. Springer, Singapore. https://doi.org/10.1007/978-981-15-1922-2_13
Download citation
DOI: https://doi.org/10.1007/978-981-15-1922-2_13
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-1921-5
Online ISBN: 978-981-15-1922-2
eBook Packages: Computer ScienceComputer Science (R0)