Amplification and DRDoS Attack Defense -- A Survey and New Perspectives
This is an incremental survey that consolidates existing knowledge to help researchers and practitioners address network security threats like amplification attacks.
The paper surveys amplification and DRDoS attacks, analyzing major incidents like those exceeding 300Gbps since 2013, and compares detection, prevention, and tracing proposals, including spoofing defenses, to provide a comprehensive introduction and bibliography.
The severity of amplification attacks has grown in recent years. Since 2013 there have been at least two attacks that involved over 300Gbps of attack traffic. This paper offers an analysis of these and many other amplification attacks. We compare a wide selection of different proposals for detecting and preventing amplification attacks, as well as proposals for tracing the attackers. Since source IP spoofing plays an important part in almost all of the attacks mentioned, a survey on the state of the art in spoofing defenses is also presented. This work acts as an introduction to amplification attacks and source IP address spoofing. By combining previous works into a single comprehensive bibliography, and with our concise discussion, we hope to prevent redundant work and encourage others to find practical solutions for defending against future amplification attacks.