TY - GEN
T1 - Finding DDoS attack sources
T2 - 7th International Wireless Communications and Mobile Computing Conference, IWCMC 2011
AU - Demir, Omer
AU - Khan, Bilal
N1 - Copyright:
Copyright 2011 Elsevier B.V., All rights reserved.
PY - 2011
Y1 - 2011
N2 - Among the challenges facing the Internet, DoS/DDoS are a critical concern for Internet Service Providers. DDoS attacks can cause country-wide infrastructure problems, and can disrupt communications on a national level. Frequently, Botnets are used to carry out source-spoofed DDoS attacks. The problem of tracing such attacks has been the subject of significant inquiry. Here, we leverage the fact that a Botnet requires significant exposure to risk, and investments of time and resources. Thus, as a capital resource, it is likely that a Botnet will, over its lifespan, be used to execute multiple criminal DDoS attacks on different targets. Here, we report on new techniques that leverage information obtained over sequences of source-spoofed Botnet-led DDoS attacks, demonstrating the efficacy of these techniques at pinpointing potential attacker locations. DDoS attack flow descriptions can be collected in many ways, using coordinated DDoS sensor agents (e.g. as described by the authors previously in [1]). Here, as a theoretical contribution, we provide a formal statement of the attacker localization problem. We develop a new algorithm for localizing attack sources from sequences of DDoS attacks.
AB - Among the challenges facing the Internet, DoS/DDoS are a critical concern for Internet Service Providers. DDoS attacks can cause country-wide infrastructure problems, and can disrupt communications on a national level. Frequently, Botnets are used to carry out source-spoofed DDoS attacks. The problem of tracing such attacks has been the subject of significant inquiry. Here, we leverage the fact that a Botnet requires significant exposure to risk, and investments of time and resources. Thus, as a capital resource, it is likely that a Botnet will, over its lifespan, be used to execute multiple criminal DDoS attacks on different targets. Here, we report on new techniques that leverage information obtained over sequences of source-spoofed Botnet-led DDoS attacks, demonstrating the efficacy of these techniques at pinpointing potential attacker locations. DDoS attack flow descriptions can be collected in many ways, using coordinated DDoS sensor agents (e.g. as described by the authors previously in [1]). Here, as a theoretical contribution, we provide a formal statement of the attacker localization problem. We develop a new algorithm for localizing attack sources from sequences of DDoS attacks.
KW - DDoS
KW - source localization
KW - source spoofing
UR - http://www.scopus.com/inward/record.url?scp=80052514268&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80052514268&partnerID=8YFLogxK
U2 - 10.1109/IWCMC.2011.5982570
DO - 10.1109/IWCMC.2011.5982570
M3 - Conference contribution
AN - SCOPUS:80052514268
SN - 9781424495399
T3 - IWCMC 2011 - 7th International Wireless Communications and Mobile Computing Conference
SP - 418
EP - 423
BT - IWCMC 2011 - 7th International Wireless Communications and Mobile Computing Conference
Y2 - 4 July 2011 through 8 July 2011
ER -