University of Twente Student Theses


A signature-based Approach to DDoS Attack Mitigation using BGP Flowspec Rules

Kock, Joeri (2019) A signature-based Approach to DDoS Attack Mitigation using BGP Flowspec Rules.

Abstract: Distributed Denial-of-Service (DDoS) attacks aim to prevent the legitimate use of a service. Since the magnitude and frequency of these attacks are increasing, DDoS attacks are becoming an increasingly bigger problem for the Internet. BGP Flowspec is an extension to the Border Gateway Protocol (BGP), designed to provide a granular approach to DDoS mitigation. BGP Flowspec defines a network flow based on e.g. the source, destination and other packet-specific information. This flow can be matched dynamically to incoming traffic in order to either drop the traffic, place it into a different forwarding instance for further examination, or police it to a desired rate. Related research shows its potential for DDoS attack mitigation. However, BGP Flowspec lacks precision, potentially resulting in the filtering of legitimate traffic. This could have a negative impact on the underlying network. Therefore, a minimization and maximization problem arises: on one hand, it is desirable to maximize the amount of DDoS traffic blocked. On the other hand, the negative impact on the network needs to be minimized. The goal of this research is to address this problem by investigating how DDoS attack mitigation can be improved by using BGP Flowspec. This research presents a methodology for generating BGP Flowspec rules using a signature-based approach, as well as an evaluation of these rules. This evaluation showed that many DDoS attacks can be effectively mitigated using this approach. However, some DDoS attacks are too generic to be mitigated using BGP Flowspec. Since DDoS attacks are very different from each other, a generic solution is very challenging to design.
Item Type: Essay (Master)
Clients: KPMG, Amstelveen, The Netherlands
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Computer Science MSc (60300)
Link to this item: http://purl.utwente.nl/essays/80127