Delving into Internet DDoS Attacks by Botnets: Characterization and Analysis

Authors: An Wang, Aziz Mohaisen, Wentao Chang, Songqing Chen

DOI: 10.1109/DSN.2015.47

Abstract: Internet Distributed Denial of Service (DDoS) attacks are prevalent but hard to defend against, partially due to the volatility of the attacking methods and patterns used by attackers. Understanding the latest DDoS attacks can provide new insights for effective defense. But most existing understandings are based on indirect traffic measures (e.g., backscatters) or traffic seen locally. In this study, we present an in-depth analysis based on 50,704 different Internet DDoS attacks directly observed in a seven-month period. These attacks were launched by 674 botnets from 23 different botnet families with a total of 9,026 victim IPs belonging to 1,074 organizations in 186 countries. Our analysis reveals several interesting findings about today's Internet DDoS attacks. Some highlights include: (1) geolocation analysis shows that the geospatial distribution of the attacking sources follows certain patterns, which enables very accurate source prediction of future attacks for most active botnet families, (2) from the target perspective, multiple attacks to the same target also exhibit strong patterns of inter-attack time interval, allowing accurate start time prediction of the next anticipated attacks from certain botnet families, (3) there is a trend for different botnets to launch DDoS attacks targeting the same victim, simultaneously or in turn. These findings add to the existing literature on the understanding of today's Internet DDoS attacks, and offer new insights for designing new defense schemes at different levels.
