A protocol-free detection against cloud oriented reflection DoS attacks

Distributed denial of service (DDoS) attack presents a critical threat to cloud infrastructure, where many manipulated hosts flood the victim cloud with plenty of packets, which will lead to the exhaustion of bandwidth and other system resources. As one type of DDoS attack, in reflection DoS (RDoS) attack, legitimate servers (reflectors) are fooled into sending a large number of packets to the victim cloud. Most of the existed RDoS attack detection mechanisms are protocol-specific, thus low in efficiency. It is inspected that because of being triggered by the same attacking flow, intra-unite correlation exists among the packet rate of attacking flows. Based on the phenomenon, a flow correlation coefficient (FCC)-based protocol-free detection (PFD) algorithm is proposed. The simulation results show that PFD can detect attacking flows efficiently and effectively and is not protocol-specific, thus can be used as effective supplement to existed algorithms.