Use this URL to cite or link to this record in EThOS: https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.789231
Title: A novel systematic and proactive approach to limit reflective DDoS attacks
Author: Vadura, Matus
ISNI:       0000 0004 8500 2565
Awarding Body: King's College London
Current Institution: King's College London (University of London)
Date of Award: 2019
Availability of Full Text:
Access from EThOS:
Full text unavailable from EThOS. Restricted access.
Access from Institution:
Abstract:
Reflective DDoS (DRDoS) attacks are an almost 20-years-old phenomenon but despite all this time, there are still no effective countermeasures. The main reason for this is that all the current solutions operate reactively. Attackers first discover a DRDoS vulnerability in a protocol, abuse it to create attacks, and finally security experts attempt to fix the particular problem. However, by the time the vulnerability is mitigated, the attackers simply find a new DRDoS vulnerability to exploit, and the cycle continues. In this thesis, we propose a novel approach to limit DRDoS attacks based on the hypothesis that it is possible to identify DRDoS protocol vulnerabilities systematically and proactively. We have developed a systematic analysis to achieve this and when we applied it to five well-known network protocols used in DRDoS attacks (CharGen, QotD, DNS, SNMP, and NTP) we discovered that only 'the tip of the iceberg' is revealed by the attackers: there are many more ways in which DRDoS attacks can be created using these protocols. Altogether we have identified 131 different DRDoS attack scenarios, 76 of which are not reported in the literature. Moreover, we have tested 85 of them empirically. Current statistics for DRDoS attacks, our systematic analysis, outcomes from analysing protocols and experimental validation are set out in this thesis together with a strong argument as to why this novel systematic and proactive approach is required to effectively break the cycle and mitigate DRDoS attacks in the long term.
Supervisor: Overill, Richard Edward ; Vigano, Luca Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.789231  DOI: Not available
Share: