Research Article
An Efficient Method for Online Detection of DRDoS Attacks on UDP-Based Services in SDN Using Machine Learning Algorithms
Table 1
The amplification factor for UDP-based protocols [10].
| Protocol | BAF | PAF | Scenario | Description | Port(s) |
| --- | --- | --- | --- | --- | --- |
| SNMP v2 | 6.3 | 1.00 | GetBulk request | Monitoring network-attached devices | 161 |
| NTP | 556.9 | 3.84 | Request client statistics | Time synchronization | 123 |
| DNS | 54.6 | 2.08 | ANY lookup at author | Domain name resolution | 53 |
| NetBIOS | 3.8 | 1.00 | Name resolution | Name service protocol of NetBIOS API | 137 |
| SSDP | 30.8 | 9.92 | SEARCH request | Discovery of UPnP-enabled hosts | 1900 |
| CharGen | 358.8 | 1.00 | Character generation request | Legacy character generation protocol | 19 |
| QOTD | 140.3 | 1.00 | Quote request | Legacy “quote-of-the-day” protocol | 17 |
| BitTorrent | 3.8 | 1.58 | File search | BitTorrent’s Kademlia DHT impl. | Any |
| Kad | 16.3 | 1.00 | Peer list exchange | eMule’s Kademlia DHT impl. | Any |
| Quake 3 | 63.9 | 1.01 | Server info exchange | Games using the Quake 3 engine | 27960 |
| Steam | 5.5 | 1.12 | Server info exchange | Games using the steam protocol | 27015 |
| ZAv2 | 36.0 | 1.02 | Peer list and cmd exchange | P2P-based rootkit | 164XY |
| Sality | 37.3 | 1.00 | URL list exchange | P2P-based malware dropper | Any |
| Gameover | 45.4 | 5.39 | Peer and proxy exchange | P2P-based banking Trojan | Any |