An SDN-based Approach For Defending Against Reflective DDoS Attacks
This addresses the need for automated mitigation of DRDoS attacks, particularly for novel UDP-based services, offering a solution that is transparent and does not rely on target host operator assistance.
The paper tackles the problem of defending against Distributed Reflective Denial of Service (DRDoS) attacks, which threaten Internet services, by developing a new SDN-based approach that is protocol-agnostic, transparent, and effective without requiring prior knowledge of application protocols.
Distributed Reflective Denial of Service (DRDoS) attacks are an immanent threat to Internet services. The potential scale of such attacks became apparent in March 2018 when a memcached-based attack peaked at 1.7 Tbps. Novel services built upon UDP increase the need for automated mitigation mechanisms that react to attacks without prior knowledge of the actual application protocols used. With the flexibility that software-defined networks offer, we developed a new approach for defending against DRDoS attacks; it not only protects against arbitrary DRDoS attacks but is also transparent for the attack target and can be used without assistance of the target host operator. The approach provides a robust mitigation system which is protocol-agnostic and effective in the defense against DRDoS attacks.