Detecting DRDoS attacks by a simple response packet confirmation mechanism

Hiroshi Tsunoda, Kohei Ohta, Atsunori Yamamoto, Nirwan Ansari, Yuji Waizumi, Yoshiaki Nemoto

Research output: Contribution to journalArticlepeer-review

31 Scopus citations


In this paper, we propose a simple and robust method to detect Distributed Reflective Denial of Service (DRDoS) attacks. In DRDoS attacks, the victim is bombarded by reflected response packets from legitimate hosts, and thus it is difficult to distinguish attack packets from legitimate packets. We focus on the fact that the types of packets used for DRDoS are limited and predictable. Hence, the proposed method monitors only limited pairs of requests and responses, and confirms the validity of the received response packets based on the request-response relationship. Therefore, the proposed method does not need complicated state management such as the stateful inspection method, and thus the detection mechanism becomes simple. We also analyze the complexity of the proposed method, and show that the proposed method requires low processing cost as compared with the conventional method. Through experiments using a real networking environment, we demonstrate that the proposed method can accurately detect DRDoS packets at a low cost.

Original languageEnglish (US)
Pages (from-to)3299-3306
Number of pages8
JournalComputer Communications
Issue number14
StatePublished - Sep 5 2008

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications


  • Detection
  • Distributed reflection DoS
  • Response confirmation


Dive into the research topics of 'Detecting DRDoS attacks by a simple response packet confirmation mechanism'. Together they form a unique fingerprint.

Cite this