Visualization of actionable knowledge to mitigate DRDoS attacks

Authors: Michael Aupetit, Yury Zhauniarovich, Giorgos Vasiliadis, Marc Dacier, Yazan Boshmaf

DOI: 10.1109/VIZSEC.2016.7739577

Keywords: Denial-of-service attack, Visualization, Computer security, Spoofing attack, Data visualization, Bandwidth (computing), Honeypot, The Internet, Computer science, Server

Abstract: Distributed Reflective Denial of Service attacks (DRDoS) represent an ever growing security threat. These attacks are characterized by spoofed UDP traffic that is sent to genuine machines, called amplifiers, whose response to the spoofed IP, i.e. the victim machine, is amplified and could be 500 times larger in size than the originating request. In this paper, we provide a method and a tool for Internet Service Providers (ISPs) to assess and visualize the amount of traffic that enters and leaves their network in case it contains innocent amplifiers. We show that this traffic usually goes undetected and can consume significant bandwidth, even when a small number of amplifiers is present. The tool also enables ISPs to simulate various rule-based mitigation strategies and estimate their impact, based on real-world data obtained from amplification honeypots.

References (25)
Stef van den Elzen, Jarke J. van Wijk, BaobabView: Interactive construction and analysis of decision trees. Visual Analytics Science and Technology, pp. 151-160 (2011), 10.1109/VAST.2011.6102453
Ravinder Shankesi, Musab AlTurki, Ralf Sasse, Carl A. Gunter, José Meseguer, Model-checking DoS amplification for VoIP session initiation. European Symposium on Research in Computer Security, pp. 390-405 (2009), 10.1007/978-3-642-04444-1_24
Zakir Durumeric, Michael Bailey, J Alex Halderman, An internet-wide view of internet-wide scanning. USENIX Security Symposium, pp. 65-78 (2014)
J. Pearlman, P. Rheingans, Visualizing Network Security Events Using Compound Glyphs from a Service-Oriented Perspective. Visualization for Computer Security, pp. 131-146 (2008), 10.1007/978-3-540-78243-8_9
C.P. Lee, J. Trost, N. Gibbs, R. Beyah, J.A. Copeland, Visual firewall: real-time network security monitor. Visualization for Computer Security, pp. 16-16 (2005), 10.1109/VIZSEC.2005.20
Matthew Orlinski, Matthias Wählisch, Christian Rossow, Thomas C. Schmidt, Fabrice J. Ryba, Amplification and DRDoS Attack Defense - A Survey and New Perspectives. arXiv: Networking and Internet Architecture (2015)
Christian Rossow, Amplification Hell: Revisiting Network Protocols for DDoS Abuse. Network and Distributed System Security Symposium (2014), 10.14722/NDSS.2014.23233
R.F. Erbacher, K.L. Walker, D.A. Frincke, Intrusion and misuse detection in large-scale systems. IEEE Computer Graphics and Applications, vol. 22, pp. 38-47 (2002), 10.1109/38.974517
Jonathan McPherson, Kwan-Liu Ma, Paul Krystosk, Tony Bartoletti, Marvin Christensen, PortVis: a tool for port-based detection of security events. Visualization for Computer Security, pp. 73-81 (2004), 10.1145/1029208.1029220
Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, J Alex Halderman, A Search Engine Backed by Internet-Wide Scanning. Computer and Communications Security, pp. 542-553 (2015), 10.1145/2810103.2813703