Defending against DDoS Attacks under IP Spoofing Using Image Processing Approach
Summary :
This paper presents a novel defense scheme for DDoS attacks that uses an image processing method. This scheme especially focused on the prevalence of adjacent neighbor spoofing, called subnet spoofing. It is rarely studied and there is few or no feasible approaches than other spoofing attacks. The key idea is that a “DDoS attack with IP spoofing” is represented as a specific pattern such as a “line” on the spatial image planes, which can be recognized through an image processing technique. Applying the clustering technique to the lines makes it possible to identify multiple attack source networks simultaneously. For the identified networks in which the zombie hosts reside, we then employ a signature-based pattern extraction algorithm, called a pivoted movement, and the DDoS attacks are filtered by correlating the IP and media access control pairing signature. As a result, this proposed scheme filters attacks without disturbing legitimate traffic. Unlike previous IP traceback schemes such as packet marking and path fingerprinting, which try to diagnose the entire attack path, our proposed scheme focuses on identifying only the attack source. Our approach can achieve an adaptive response to DDoS attacks, thereby mitigating them at the source, while minimizing the disruption of legitimate traffic. The proposed scheme is analyzed and evaluated on the IPv4 and IPv6 network topology from CAIDA, the results of which show its effectiveness.
- Publication
- IEICE TRANSACTIONS on Communications Vol.E99-B No.7 pp.1511-1522
- Publication Date
- 2016/07/01
- Publicized
- Online ISSN
- 1745-1345
- DOI
- 10.1587/transcom.2015EBP3457
- Type of Manuscript
- PAPER
- Category
- Internet
Authors
Tae Hwan KIM
Electronics and Telecommunications Research Institute
Dong Seong KIM
the University of Canterbury
Hee Young JUNG
Electronics and Telecommunications Research Institute
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Tae Hwan KIM, Dong Seong KIM, Hee Young JUNG, "Defending against DDoS Attacks under IP Spoofing Using Image Processing Approach" in IEICE TRANSACTIONS on Communications,
vol. E99-B, no. 7, pp. 1511-1522, July 2016, doi: 10.1587/transcom.2015EBP3457.
Abstract: This paper presents a novel defense scheme for DDoS attacks that uses an image processing method. This scheme especially focused on the prevalence of adjacent neighbor spoofing, called subnet spoofing. It is rarely studied and there is few or no feasible approaches than other spoofing attacks. The key idea is that a “DDoS attack with IP spoofing” is represented as a specific pattern such as a “line” on the spatial image planes, which can be recognized through an image processing technique. Applying the clustering technique to the lines makes it possible to identify multiple attack source networks simultaneously. For the identified networks in which the zombie hosts reside, we then employ a signature-based pattern extraction algorithm, called a pivoted movement, and the DDoS attacks are filtered by correlating the IP and media access control pairing signature. As a result, this proposed scheme filters attacks without disturbing legitimate traffic. Unlike previous IP traceback schemes such as packet marking and path fingerprinting, which try to diagnose the entire attack path, our proposed scheme focuses on identifying only the attack source. Our approach can achieve an adaptive response to DDoS attacks, thereby mitigating them at the source, while minimizing the disruption of legitimate traffic. The proposed scheme is analyzed and evaluated on the IPv4 and IPv6 network topology from CAIDA, the results of which show its effectiveness.
URL: https://globals.ieice.org/en_transactions/communications/10.1587/transcom.2015EBP3457/_p
Copy
@ARTICLE{e99-b_7_1511,
author={Tae Hwan KIM, Dong Seong KIM, Hee Young JUNG, },
journal={IEICE TRANSACTIONS on Communications},
title={Defending against DDoS Attacks under IP Spoofing Using Image Processing Approach},
year={2016},
volume={E99-B},
number={7},
pages={1511-1522},
abstract={This paper presents a novel defense scheme for DDoS attacks that uses an image processing method. This scheme especially focused on the prevalence of adjacent neighbor spoofing, called subnet spoofing. It is rarely studied and there is few or no feasible approaches than other spoofing attacks. The key idea is that a “DDoS attack with IP spoofing” is represented as a specific pattern such as a “line” on the spatial image planes, which can be recognized through an image processing technique. Applying the clustering technique to the lines makes it possible to identify multiple attack source networks simultaneously. For the identified networks in which the zombie hosts reside, we then employ a signature-based pattern extraction algorithm, called a pivoted movement, and the DDoS attacks are filtered by correlating the IP and media access control pairing signature. As a result, this proposed scheme filters attacks without disturbing legitimate traffic. Unlike previous IP traceback schemes such as packet marking and path fingerprinting, which try to diagnose the entire attack path, our proposed scheme focuses on identifying only the attack source. Our approach can achieve an adaptive response to DDoS attacks, thereby mitigating them at the source, while minimizing the disruption of legitimate traffic. The proposed scheme is analyzed and evaluated on the IPv4 and IPv6 network topology from CAIDA, the results of which show its effectiveness.},
keywords={},
doi={10.1587/transcom.2015EBP3457},
ISSN={1745-1345},
month={July},}
Copy
TY - JOUR
TI - Defending against DDoS Attacks under IP Spoofing Using Image Processing Approach
T2 - IEICE TRANSACTIONS on Communications
SP - 1511
EP - 1522
AU - Tae Hwan KIM
AU - Dong Seong KIM
AU - Hee Young JUNG
PY - 2016
DO - 10.1587/transcom.2015EBP3457
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E99-B
IS - 7
JA - IEICE TRANSACTIONS on Communications
Y1 - July 2016
AB - This paper presents a novel defense scheme for DDoS attacks that uses an image processing method. This scheme especially focused on the prevalence of adjacent neighbor spoofing, called subnet spoofing. It is rarely studied and there is few or no feasible approaches than other spoofing attacks. The key idea is that a “DDoS attack with IP spoofing” is represented as a specific pattern such as a “line” on the spatial image planes, which can be recognized through an image processing technique. Applying the clustering technique to the lines makes it possible to identify multiple attack source networks simultaneously. For the identified networks in which the zombie hosts reside, we then employ a signature-based pattern extraction algorithm, called a pivoted movement, and the DDoS attacks are filtered by correlating the IP and media access control pairing signature. As a result, this proposed scheme filters attacks without disturbing legitimate traffic. Unlike previous IP traceback schemes such as packet marking and path fingerprinting, which try to diagnose the entire attack path, our proposed scheme focuses on identifying only the attack source. Our approach can achieve an adaptive response to DDoS attacks, thereby mitigating them at the source, while minimizing the disruption of legitimate traffic. The proposed scheme is analyzed and evaluated on the IPv4 and IPv6 network topology from CAIDA, the results of which show its effectiveness.
ER -
FlyerIEICE has prepared a flyer regarding multilingual services. Please use the one in your native language.
English
