Finding DDoS attack sources: Searchlight localization algorithm for network tomography

Omer Demir, Bilal Khan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

Among the challenges facing the Internet, DoS/DDoS are a critical concern for Internet Service Providers. DDoS attacks can cause country-wide infrastructure problems, and can disrupt communications on a national level. Frequently, Botnets are used to carry out source-spoofed DDoS attacks. The problem of tracing such attacks has been the subject of significant inquiry. Here, we leverage the fact that a Botnet requires significant exposure to risk, and investments of time and resources. Thus, as a capital resource, it is likely that a Botnet will, over its lifespan, be used to execute multiple criminal DDoS attacks on different targets. Here, we report on new techniques that leverage information obtained over sequences of source-spoofed Botnet-led DDoS attacks, demonstrating the efficacy of these techniques at pinpointing potential attacker locations. DDoS attack flow descriptions can be collected in many ways, using coordinated DDoS sensor agents (e.g. as described by the authors previously in [1]). Here, as a theoretical contribution, we provide a formal statement of the attacker localization problem. We develop a new algorithm for localizing attack sources from sequences of DDoS attacks.

Original language: English (US)
Title of host publication: IWCMC 2011 - 7th International Wireless Communications and Mobile Computing Conference
Pages: 418-423
Number of pages: 6
State: Published - Sep 12 2011
Event: 7th International Wireless Communications and Mobile Computing Conference, IWCMC 2011 - Istanbul, Turkey
Duration: Jul 4 2011 to Jul 8 2011

Publication series

Name: IWCMC 2011 - 7th International Wireless Communications and Mobile Computing Conference

Other

Other: 7th International Wireless Communications and Mobile Computing Conference, IWCMC 2011
Country: Turkey
City: Istanbul
Period: 7/4/11 to 7/8/11

Keywords

  • DDoS
  • source localization
  • source spoofing

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Communication


  • Cite this

    Demir, O., & Khan, B. (2011). Finding DDoS attack sources: Searchlight localization algorithm for network tomography. In IWCMC 2011 - 7th International Wireless Communications and Mobile Computing Conference (pp. 418-423). [5982570] (IWCMC 2011 - 7th International Wireless Communications and Mobile Computing Conference). https://doi.org/10.1109/IWCMC.2011.5982570