On the inference and prediction of DDoS campaigns

Authors: Claude Fachkha, Elias Bou-Harb, Mourad Debbabi

DOI: 10.1002/WCM.2510


Abstract: This work proposes a distributed denial-of-service (DDoS) inference and forecasting model that aims at providing insights to organizations, security operators, and emergency response teams during and after a DDoS attack. Specifically, our work strives to predict, within minutes, the attacks' features, namely intensity/rate (packets/second) and size (estimated number of used compromised machines/bots). The goal is to understand the future short-term trend of the ongoing attack in terms of those features and thus provide the capability to recognize the current as well as similar situations and hence appropriately respond to the threat. Further, our work aims at investigating DDoS campaigns by proposing a clustering approach to infer various victims targeted by the same campaign and predicting related features. Our analysis employs real darknet data to explore the feasibility of applying the models on DDoS attacks and to evaluate the accuracy of the predictions. To achieve our goal, the proposed approach leverages time series and fluctuation analysis techniques, statistical methods, and forecasting approaches. The extracted inferences from DDoS case studies exhibit promising accuracy, reaching at some points less than 1% error rate. Our approach could lead to a better understanding of the scale, speed, and size of DDoS attacks and generates inferences that could be adopted for immediate mitigation. Moreover, the accumulated inferences could be used for the purpose of long-term large-scale DDoS analysis. Copyright © 2014 John Wiley & Sons, Ltd.
