Identification of Repeated Denial of Service Attacks

Authors: A. Hussain, J. Heidemann, C. Papadopoulos

DOI: 10.1109/INFOCOM.2006.126

Keywords: Extortion; Network packet; Computer science; Fingerprint recognition; Denial-of-service attack; Internet privacy; Header; Identification (information); Computer security; Fingerprint (computing)

Abstract: Denial of Service attacks have become a weapon for extortion and vandalism causing damages in the millions of dollars to commercial and government sites. Legal prosecution is a powerful deterrent, but requires attribution of attacks, currently a difficult task. In this paper we propose a method to automatically fingerprint and identify repeated attack scenarios—a combination of attacking hosts and attack tool. Such fingerprints not only aid in attribution for criminal and civil prosecution of attackers, but also help justify and focus response measures. Since packet contents can be easily manipulated, we base our fingerprints on the spectral characteristics of the attack stream which are hard to forge. We validate our methodology by applying it to real attacks captured at a regional ISP and comparing the outcome with header-based classification. Finally, we conduct controlled experiments to identify and isolate factors that affect the attack fingerprint.
