King's College London

A novel systematic and proactive approach to limit reflective DDoS attacks

Student thesis: Doctoral Thesis, Doctor of Philosophy

Reflective DDoS (DRDoS) attacks are an almost 20-year-old phenomenon, but despite all this time there are still no effective countermeasures. The main reason for this is that all the current solutions operate reactively. Attackers first discover a DRDoS vulnerability in a protocol, abuse it to create attacks, and finally security experts attempt to fix the particular problem. However, by the time the vulnerability is mitigated, the attackers simply find a new DRDoS vulnerability to exploit, and the cycle continues.
In this thesis, we propose a novel approach to limit DRDoS attacks based on the hypothesis that it is possible to identify DRDoS protocol vulnerabilities systematically and proactively. We have developed a systematic analysis to achieve this and when we applied it to five well-known network protocols used in DRDoS attacks (CharGen, QotD, DNS, SNMP, and NTP) we discovered that only ‘the tip of the iceberg’ is revealed by the attackers: there are many more ways in which DRDoS attacks can be created using these protocols. 
Altogether we have identified 131 different DRDoS attack scenarios, 76 of which are not reported in the literature. Moreover, we have tested 85 of them empirically. Current statistics for DRDoS attacks, our systematic analysis, outcomes from analysing protocols and experimental validation are set out in this thesis together with a strong argument as to why this novel systematic and proactive approach is required to effectively break the cycle and mitigate DRDoS attacks in the long term.
Original language: English
Awarding Institution
Award date: 1 Jun 2019

© 2020 King's College London | Strand | London WC2R 2LS | England | United Kingdom | Tel +44 (0)20 7836 5454