Fingerprinting Internet DNS Amplification DDoS Activities

Authors: Claude Fachkha, Elias Bou-Harb, Mourad Debbabi

DOI: 10.1109/NTMS.2014.6814019

Abstract: This work proposes a novel approach to infer and characterize Internet-scale DNS amplification DDoS attacks by leveraging the darknet space. Complementary pioneer on inferring Distributed Denial of Service (DDoS) activities using darknet, this shows that we can extract without relying backscattered analysis. The aim is cyber security intelligence related Amplification such as detection period, attack duration, intensity, packet size, rate geo-location in addition various network-layer flow-based insights. To achieve task, proposed exploits certain parameters detect attacks. We empirically evaluate 720 GB real data collected from /13 address space during recent three months period. Our analysis reveals was successful significant including prominent targeted one largest anti-spam organizations. Moreover, disclosed mechanism Further, results uncover high-speed stealthy attempts were never previously documented. case study history lead better understanding nature scale threat generate inferences could contribute detecting, preventing, assessing, mitigating even attributing activities.
