New Type of UDP Reflection Amplification Protocol Recognition Method Based on Active-Passive Combination

Reflection amplification attacks are gradually becoming a mainstream DDoS technique because of their strong traffic multiplication and anti-traceability capabilities. In recent years, new UDP reflection amplification attack methods, represented by Internet of Things protocols such as OpenVPN, have emerged continually, showing a trend toward multi-protocol combined reflection amplification. However, current UDP reflection amplification detection methods suffer from inaccurate detection results and insufficient detection efficiency. To improve UDP reflection amplification detection capability, a new UDP reflection amplification protocol recognition method based on an active-passive combination is proposed. First, traffic of known Internet of Things reflection amplification protocols is obtained by active probing and used as the experimental dataset. Second, during automated traffic analysis, dual-threshold determination and multivariate feature matching are used to capture unknown reflection amplification protocols and their trigger modes. Finally, the findings are verified by replay. Experimental results show that the method effectively detects UDP reflection amplification traffic with a precision of 99.88%, and it revealed a potential reflection amplification capability in the QUIC protocol, effectively improving protection against reflection amplification attacks.
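As an added illustration, not code from the paper (whose actual thresholds and feature set the abstract does not give), the following Python sketch applies a dual-threshold check to constructed UDP flow records: a conversation is flagged only when the reply volume exceeds both an assumed amplification-factor threshold and an assumed absolute-volume threshold. The packet layout, the threshold values and the sample addresses are all assumptions made for this example.

```python
from collections import defaultdict
from typing import Iterable, List, NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    length: int  # UDP payload bytes

class Finding(NamedTuple):
    reflector: str   # host whose replies dwarf the requests it received
    port: int        # UDP service port on the reflector
    victim: str      # (spoofed) source address the replies are aimed at
    factor: float    # response bytes / request bytes
    response_bytes: int

def find_reflection(packets: Iterable[Packet], min_factor: float = 10.0,
                    min_response_bytes: int = 1000) -> List[Finding]:
    """Flag conversations whose reply volume exceeds BOTH thresholds
    (amplification factor and absolute response volume). The threshold
    values are assumptions for this example, not the paper's."""
    volume = defaultdict(int)  # (src, sport, dst, dport) -> bytes sent that way
    for p in packets:
        volume[(p.src, p.sport, p.dst, p.dport)] += p.length
    findings, seen = [], set()
    for (a, pa, b, pb), ab in volume.items():
        pair = frozenset([(a, pa), (b, pb)])
        if pair in seen:
            continue
        seen.add(pair)
        ba = volume.get((b, pb, a, pa), 0)
        if ba == 0:
            continue  # one-way traffic: no request/response ratio to measure
        if ba > ab:  # orient so that a->b is the heavier (response) direction
            a, pa, b, pb, ab, ba = b, pb, a, pa, ba, ab
        factor = ab / ba
        if factor >= min_factor and ab >= min_response_bytes:
            findings.append(Finding(a, pa, b, factor, ab))
    return findings

# Constructed sample (not captured traffic): a 60-byte probe to UDP/1194 that
# draws six 1200-byte replies, plus a normal DNS-style exchange on UDP/53.
SAMPLE = [Packet("203.0.113.5", 40000, "198.51.100.10", 1194, 60)]
SAMPLE += [Packet("198.51.100.10", 1194, "203.0.113.5", 40000, 1200)] * 6
SAMPLE += [Packet("192.0.2.7", 51000, "198.51.100.53", 53, 40),
           Packet("198.51.100.53", 53, "192.0.2.7", 51000, 120)]

if __name__ == "__main__":
    for f in find_reflection(SAMPLE):
        print(f"{f.reflector}:{f.port} -> {f.victim}  x{f.factor:.0f}  {f.response_bytes} B")
```

The DNS-style exchange has a factor of 3 and stays below both thresholds, so only the UDP/1194 conversation is reported; lowering the thresholds shows how the second (volume) threshold keeps small benign exchanges from being flagged on ratio alone.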

DDoS attack; UDP reflection amplification; Active-Passive combination; Active detection; Traffic analysis

陈宏伟、尹小康、盖贤哲、贾凡、刘胜利、蔡瑞杰


Information Engineering University, Zhengzhou 450001


2024

Computer Science (计算机科学)
Chongqing Southwest Information Co., Ltd. (formerly the Southwest Information Center of the Ministry of Science and Technology)


Indexed in: CSTPCD; Peking University Core Journals
Impact factor: 0.944
ISSN: 1002-137X
Year, volume (issue): 2024, 51(8)