Department of Computer Science and Information Engineering, National Central University, No.300, Zhongda Rd., Zhongli District, Taoyuan City 320, Taiwan.
Sensors (Basel). 2021 Mar 11;21(6):1980. doi: 10.3390/s21061980.
In this paper, we aim to detect distributed denial of service (DDoS) attacks, and receive a notification of destination service, changing immediately, without the additional efforts of other modules. We designed a kernel-based mechanism to build a new Transmission Control Protocol/Internet Protocol (TCP/IP) connection smartly by the host while the users or clients not knowing the location of the next host. Moreover, we built a lightweight flooding attack detection mechanism in the user mode of an operating system. Given that reinstalling a modified operating system on each client is not realistic, we managed to replace the entry of the system call table with a customized sys_connect. An effective defense depends on fine detection and defensive procedures. In according with our experiments, this novel mechanism can detect flooding DDoS successfully, including SYN flood and ICMP flood. Furthermore, through cooperating with a specific low cost network architecture, the mechanism can help to defend DDoS attacks effectively.
在本文中,我们旨在检测分布式拒绝服务 (DDoS) 攻击,并在不依赖其他模块额外努力的情况下,立即收到目标服务更改的通知。我们设计了一种基于内核的机制,该机制可以在主机在用户或客户端不知道下一个主机位置的情况下,巧妙地建立新的传输控制协议/互联网协议 (TCP/IP) 连接。此外,我们在操作系统的用户模式下构建了一种轻量级的泛洪攻击检测机制。由于在每个客户端上重新安装修改后的操作系统是不现实的,因此我们设法用定制的 sys_connect 替换系统调用表的条目。有效的防御取决于精细的检测和防御程序。根据我们的实验,这种新机制可以成功检测到包括 SYN 泛洪和 ICMP 泛洪在内的泛洪 DDoS 攻击。此外,通过与特定的低成本网络架构合作,该机制可以有效地帮助防御 DDoS 攻击。
