Amplification and DRDoS Attack Defense -- A Survey and New Perspectives
Fabrice J. Ryba, Matthew Orlinski, Matthias Wählisch, Christian Rossow, Thomas C. Schmidt

TL;DR
This paper surveys amplification and DRDoS attacks, analyzing their evolution, detection, prevention, and tracing methods, while also reviewing spoofing defenses, to provide a comprehensive overview and guide future research in attack mitigation.
Contribution
It offers a comprehensive survey of amplification attacks, detection methods, tracing techniques, and spoofing defenses, integrating previous works to facilitate future research and practical solutions.
Findings
Amplification attacks can reach over 300Gbps in traffic.
Multiple detection and prevention proposals exist with varying effectiveness.
Spoofing defenses are crucial for mitigating amplification attacks.
Abstract
The severity of amplification attacks has grown in recent years. Since 2013 there have been at least two attacks which involved over 300Gbps of attack traffic. This paper offers an analysis of these and many other amplification attacks. We compare a wide selection of different proposals for detecting and preventing amplification attacks, as well as proposals for tracing the attackers. Since source IP spoofing plays an important part in almost all of the attacks mentioned, a survey on the state of the art in spoofing defenses is also presented. This work acts as an introduction into amplification attacks and source IP address spoofing. By combining previous works into a single comprehensive bibliography, and with our concise discussion, we hope to prevent redundant work and encourage others to find practical solutions for defending against future amplification attacks.
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques · Internet Traffic Analysis and Secure E-voting
