QUICShield: A Rapid Detection Mechanism Against QUIC-Flooding Attacks.

QUICis a modern transport layer internet protocol designed to be more efficient and secure than TCP (Transmission control protocol). However, QUIC remains vulnerable to handshake flooding attacks due to its similar design to TCP in the handshaking process. This paper introduces an innovative defence mechanism, QUICShield, which enables rapid detection and protection from QUIC-flooding DDoS attacks across different IP spoofing scenarios. QUICShield is a Bloom filter-based technique that provides rapid change detection to distinguish between incomplete or invalid handshakes and legitimate connections while accounting for common handshake errors. It utilizes the probabilistic data structure of Bloom Filter to detect malicious traffic effectively and incorporates change detection techniques to adapt to evolving attack patterns. Also, it addresses the unique challenges of QUIC-Flooding attacks, which exploit the protocol's stateless nature and the inclusion of cryptographic computations to overwhelm a target's computational resources. Existing defence mechanisms against DDoS attacks primarily focus on TCP SYN-Flooding. Although these approaches are effective in the TCP domain, they are inadequate in addressing the specific vulnerabilities related to the QUIC protocol. Our QUICShield technique fills this gap by offering a customized solution for QUIC-based systems. It neutralizes malicious traffic, maintains legitimate connections, and adapts to IP spoofing in the QUIC protocol networks. Furthermore, QUICShield defends against QUIC-Flooding DDoS attacks, with real attack emulation demonstrating improved detection of previously ineffective invalid packets, boosting network resilience against security threats.