Fingerprinting Internet DNS Amplification DDoS Activities

Authors: Claude Fachkha, Elias Bou-Harb, Mourad Debbabi

DOI: 10.1109/NTMS.2014.6814019

Abstract: This work proposes a novel approach to infer and characterize Internet-scale DNS amplification DDoS attacks by leveraging the darknet space. Complementary to the pioneer work on inferring Distributed Denial of Service (DDoS) activities using darknet, this work shows that we can extract DDoS activities without relying on backscattered analysis. The aim of this work is to extract cyber security intelligence related to DNS Amplification DDoS activities such as detection period, attack duration, intensity, packet size, rate and geo-location in addition to various network-layer and flow-based insights. To achieve this task, the proposed approach exploits certain DNS parameters to detect the attacks. We empirically evaluate the proposed approach using 720 GB of real darknet data collected from a /13 address space during a recent three-month period. Our analysis reveals that the approach was successful in inferring significant DNS amplification DDoS activities, including the recent prominent attack that targeted one of the largest anti-spam organizations. Moreover, the analysis disclosed the mechanism of such DNS amplification DDoS attacks. Further, the results uncover high-speed and stealthy attempts that were never previously documented. The case study of the largest DDoS attack in history leads to a better understanding of the nature and scale of this threat and can generate inferences that could contribute to detecting, preventing, assessing, mitigating and even attributing DNS amplification DDoS activities.

References (17)
B. Irwin, N. Pilkington. High Level Internet Scale Traffic Visualization Using Hilbert Curve Mapping. Visualization for Computer Security, pp. 147-158 (2008). DOI: 10.1007/978-3-540-78243-8_10
Geoffrey M. Voelker, Stefan Savage, David Moore. Inferring Internet Denial-of-Service Activity. USENIX Security Symposium, pp. 2-2 (2001).
David Dagon, Chris Lee, Wenke Lee, Niels Provos. Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority. Network and Distributed System Security Symposium (2008).
Stuart Staniford, James A. Hoagland, Joseph M. McAlerney. Practical Automated Detection of Stealthy Portscans. Journal of Computer Security, vol. 10, pp. 105-136 (2002). DOI: 10.3233/JCS-2002-101-205
Elias Bou-Harb, Mourad Debbabi, Chadi Assi. A Statistical Approach for Fingerprinting Probing Activities. Availability, Reliability and Security, pp. 21-30 (2013). DOI: 10.1109/ARES.2013.9
Eric Wustrow, Manish Karir, Michael Bailey, Farnam Jahanian, Geoff Huston. Internet Background Radiation Revisited. Internet Measurement Conference, pp. 62-74 (2010). DOI: 10.1145/1879141.1879149
Claude Fachkha, Elias Bou-Harb, Amine Boukhtouta, Son Dinh, Farkhund Iqbal, Mourad Debbabi. Investigating the Dark Cyberspace: Profiling, Threat-Based Analysis and Correlation. Conference on Risks and Security of Internet and Systems, pp. 1-8 (2012). DOI: 10.1109/CRISIS.2012.6378947
Claude Fachkha, Elias Bou-Harb, Mourad Debbabi. Towards a Forecasting Model for Distributed Denial of Service Activities. Network Computing and Applications, pp. 110-117 (2013). DOI: 10.1109/NCA.2013.13
Jun Bi, Ping Hu, Peiguo Li. Study on Classification and Characteristics of Source Address Spoofing Attacks in the Internet. 2010 Ninth International Conference on Networks, pp. 226-230 (2010). DOI: 10.1109/ICN.2010.43
David Moore, Colleen Shannon, Douglas J. Brown, Geoffrey M. Voelker, Stefan Savage. Inferring Internet Denial-of-Service Activity. ACM Transactions on Computer Systems, vol. 24, pp. 115-139 (2006). DOI: 10.1145/1132026.1132027