Inferring distributed reflection denial of service attacks from darknet

Authors: Claude Fachkha, Elias Bou-Harb, Mourad Debbabi

DOI: 10.1016/J.COMCOM.2015.01.016

Abstract: This work proposes a novel approach to infer and characterize Internet-scale DNS Distributed Reflection Denial of Service (DRDoS) attacks by leveraging the darknet space. Complementary to the pioneer work on inferring Distributed Denial of Service (DDoS) activities using darknet, this work shows that we can extract DDoS activities without relying on backscattered analysis. The aim of this work is to extract cyber security intelligence related to DRDoS activities such as intensity, rate and geo-location in addition to various network-layer and flow-based insights. To achieve this task, the proposed approach exploits certain parameters to detect the attacks, and the expectation maximization and k-means clustering techniques in an attempt to identify campaigns of DRDoS attacks. We empirically evaluate the proposed approach using 1.44TB of real darknet data collected from a /13 address space during a recent several months period. Our analysis reveals that the approach was successful in inferring significant DNS amplification activities, including the prominent attack that targeted one of the largest anti-spam organizations. Moreover, the analysis disclosed the mechanism of such attacks. Further, the results uncover high-speed and stealthy attempts that were never previously documented. The extracted insights from validated case studies lead to a better understanding of the nature and scale of this threat and can generate inferences that could contribute to detecting, preventing, assessing, mitigating and even attributing DRDoS activities.
