Skip to main content
SpringerLink
Log in

A Multi-location Defence Scheme Against SSDP Reflection Attacks in the Internet of Things

  • Conference paper
  • First Online:
Cyberspace Data and Intelligence, and Cyber-Living, Syndrome, and Health (CyberDI 2019, CyberLife 2019)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1137))

  • 1132 Accesses

Abstract

The proliferation of the Internet of Things (IoT) has led to a rapid increase in SSDP (Simple Service Discovery Protocol) reflection attacks. However, there is very scarce work on defending these attacks, with only some engineering advices on shutting down attacked services. This paper proposes a comprehensive approach to defend SSDP reflection attacks, which is called multi-location defence scheme (MLDS). MLDS operates at multiple places, working throughout the attacking link, starting from attack sources to victims, without prior detecting attacks. Attackers usually utilized bots in a botnet to launch attacks, but bots can act as defenders to carry out defence strategies in our MLDS, which is an unconventional approach to make the defence effective. Finally, we analyzed thoroughly packet traffic situations when deploying MLDS to different defence locations.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Distributed Reflection Denial of Service Attacks. Accessed April

    Google Scholar 

  2. Akamai: SSDP REFLECTION DDOS ATTACK, akamais [state of the internet]/Threat Advisor

    Google Scholar 

  3. Akamai: State of the internet security 4(2) (2017)

    Google Scholar 

  4. Alqahtani, S., Gamble, R.F.: DDoS attacks in service clouds. In: 2015 48th Hawaii International Conference on System Sciences, vol. 1, pp. 5331–5340, January 2015. https://doi.org/10.1109/HICSS.2015.627

  5. Bhuyan, M.H., Bhattacharyya, D., Kalita, J.: An empirical evaluation of information metrics for low-rate and high-rate DDoS attack detection. Pattern Recogn. Lett. 51, 1–7 (2015)

    Article  Google Scholar 

  6. Chen, R., Park, J.M.: Attack diagnosis: throttling distributed denial-of-service attacks close to the attack sources. In: 14th International Conference on Computer Communications and Networks, pp. 275–280. IEEE (2015)

    Google Scholar 

  7. Dietzel, C., Feldmann, A., King, T.: Blackholing at IXPs: on the effectiveness of DDoS mitigation in the wild. In: Karagiannis, T., Dimitropoulos, X. (eds.) PAM 2016. LNCS, vol. 9631, pp. 319–332. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30505-9_24

    Chapter  Google Scholar 

  8. Douligeris, C., Mitrokotsa, A.: DDoS attacks and defense mechanisms: classification and state-of-the-art. Comput. Netw. 44, 643–666 (2004)

    Article  Google Scholar 

  9. UPnP Forum FROUM: UPnP remote access-connecting two home or small business networks, June 2012

    Google Scholar 

  10. Gilad, Y., Goberman, M., Herzberg, A., Sudkovitch, M.: CDN-on-demand: an affordable DDoS defense via untrusted clouds. In: Network and Distributed System Security Symposium (2016)

    Google Scholar 

  11. Handley, M., Rescorla, E., IAB: Internet denial-of-service considerations. RFC 4732, RFC Editor, January 2006. http://www.ietf.org/rfc/rfc4732.txt

  12. Huistra, D.: Detecting reflection attacks in DNS flows. In: 19th Twente Student Conference on IT, February 2013

    Google Scholar 

  13. Ioannidis, J., Bellovin, S.M.: Implementing pushback: router based defense against DDoS attacks. In: Proceedings of Network and Distributed System Security Symposium (NDSS) (2002)

    Google Scholar 

  14. Javaid, U., Siang, A.K., Aman, M.N., Sikdar, B.: Mitigating IoT device based DDoS attacks using blockchain. In: Conference Paper, June 2018

    Google Scholar 

  15. Kambourakis, G., Moschos, T., Geneiatakis, D., Gritzalis, S.: Detecting DNS amplification attacks. In: Lopez, J., Hämmerli, B.M. (eds.) CRITIS 2007. LNCS, vol. 5141, pp. 185–196. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89173-4_16

    Chapter  Google Scholar 

  16. Kim, Y., Lau, W.C., Chuah, M.C., Chao, H.J.: PacketScore: a statistics-based packet filtering scheme against distributed denial-of-service attacks. IEEE Trans. Dependable Secure Comput. 3(2), 141–155 (2006)

    Article  Google Scholar 

  17. Lab, K.: DENIAL OF SERVICE: how businesses evaluate the threat of DDoS attacks IT security risks special report series (2014)

    Google Scholar 

  18. Mirkovi, J., Prier, G., Reiher., P.: Source-end DDoS defense. In: Second IEEE International Symposium on Network Computing and Applications, pp. 171–178. NCA, IEEE (2003)

    Google Scholar 

  19. Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and ddos defense mechanisms. Newsl. ACM SIGCOMM Comput. Commun. Rev. 34, 39–53 (2004)

    Article  Google Scholar 

  20. Pack, G., Yoon, J., Collins, E., Estan, C.: On filtering of DDoS attacks based on source address prefixes. In: Securecomm and Workshops, September 2006

    Google Scholar 

  21. Peng, T., Leckie, C., Ramamohanarao, K.: Detecting reflector attacks by sharing beliefs. In: Global Telecommunications Conference, pp. 1358–1362 (2003)

    Google Scholar 

  22. Reading, D.: Report: IoT connected devices leading to rise in SSDP based reflection attacks. Accessed 21 Apr 2015

    Google Scholar 

  23. Rossow, C.: Amplification hell: revisiting network protocols for DDoS abuse. In: Proceedings of NDSS. Internet Society (2014)

    Google Scholar 

  24. Ryba, F.J., Orlinski, M., Wahlisch, M., Rossow, C., Schmidt, T.C.: Amplification and DRDoS attack defense - a survey and new perspectives. arXiv preprint (2015)

    Google Scholar 

  25. Saied, A., Overill, R.E., Radzik, T.: Detection of known and unknown DDoS attacks using artificial neural networks. Neurocomputing 172, 385–393 (2016)

    Article  Google Scholar 

  26. US-CERT: UDP-based amplification attacks (2014)

    Google Scholar 

  27. Wang, X., Reiter, M.K.: Mitigating bandwidth-exhaustion attacks using congestion puzzles. In: 11th ACM Conference on Computer and Communications Security, pp. 257–267 (2004)

    Google Scholar 

  28. Wei, W., Chen, F., Xia, Y., Jin, G.: A rank correlation based detection against distributed reflection DoS attacks. Commun. Lett. 17(1), 173–175 (2013)

    Article  Google Scholar 

  29. Yan, Q., Gong, Q., Yu, F.: Effective software-defined networking controller scheduling method to mitigate DDoS attacks. Electron. Lett. 53(7), 469–471 (2017)

    Article  Google Scholar 

Download references

Acknowledgements

This work is supported by the Key Research Program of Shandong Province (No. 2017GGX10140), the Fundamental Research Funds for the Central Universities (19CX05027B, 19CX05003A-11) and the National Natural Science Foundation of China (61702399, 61772291, 61972215).

Author information

Authors and Affiliations

  1. College of Computer Science and Technology, China University of Petroleum, Qingdao, 266580, China

    Xin Liu, Liang Zheng, Shuai Cao & Weishan Zhang

  2. School of Computing, Lancaster University, Bailrigg, UK

    Sumi Helal

  3. Information Technology and Electrical Engineering, University of Oulu, Oulu, Finland

    Jiehan Zhou

  4. Electrical and Computer Engineering, University of Toronto, Toronto, Canada

    Jiehan Zhou

  5. Nankai University, Tianjin, China

    Hunfu Jia

Authors
  1. Xin Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Liang Zheng
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Shuai Cao
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Sumi Helal
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jiehan Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Hunfu Jia
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Weishan Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xin Liu .

Editor information

Editors and Affiliations

  1. University of Science and Technology, Beijing, China

    Huansheng Ning

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Liu, X. et al. (2019). A Multi-location Defence Scheme Against SSDP Reflection Attacks in the Internet of Things. In: Ning, H. (eds) Cyberspace Data and Intelligence, and Cyber-Living, Syndrome, and Health. CyberDI CyberLife 2019 2019. Communications in Computer and Information Science, vol 1137. Springer, Singapore. https://doi.org/10.1007/978-981-15-1922-2_13

Download citation

  • DOI: https://doi.org/10.1007/978-981-15-1922-2_13

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-1921-5

  • Online ISBN: 978-981-15-1922-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation