Identification of Repeated DoS Attacks using Network Traffic Forensics. Hussain, A., Heidemann, J., & Papadopoulos, C. Technical Report ISI-TR-2003-577b, USC/Information Sciences Institute, August, 2003. Originally released August 2003, updated June 2004.

Abstract: Denial-of-service attacks on the Internet today are often launched from zombies, multiple compromised machines controlled by an attacker. Attackers often take control of a number of zombies and then repeatedly use this army to attack a target several times, or to attack several targets. In this paper, we propose a method to identify repeated attack scenarios, that is, the combination of a particular set of hosts and attack tool. Such identification would help a victim coordinate response to an attack, and ideally would be a useful part of legal actions. Because packet contents can be forged by the attacker, we identify an attack scenario by spectral analysis of the arrival stream of attack traffic. The attack spectrum is derived from the characteristics of the attack machines and can therefore be obscured only by reducing attack effectiveness. We designed a multi-dimensional maximum-likelihood classifier to identify repeated attack scenarios. To validate this procedure we apply our approach on real-world attacks captured at a regional ISP, identifying similar attacks first by header contents (when possible) and comparing these results to our process. We conduct controlled experiments to identify and isolate factors that affect the attack fingerprint.
@TechReport{Hussain03c,
author = "Alefiya Hussain and John Heidemann and Christos Papadopoulos",
title = "Identification of Repeated DoS Attacks using
Network Traffic Forensics",
institution = "USC/Information Sciences Institute",
year = 2003,
sortdate = "2003-08-01",
project = "ant, nocredit, saman, conser, cossack",
jsubject = "network_security",
number = "ISI-TR-2003-577b",
note = "Originally released August 2003, updated June 2004",
month = aug,
jlocation = "johnh: folder: xxx",
jlocation = "johnh: pafile",
keywords = "network forensics, network traffic
fingerprinting, spectral analysis, DDoS",
otherurl = "https://ant.isi.edu/%7ehussain/pubs/Hussain03c.pdf",
url = "https://ant.isi.edu/%7ejohnh/PAPERS/Hussain03c.html",
pdfurl = "https://ant.isi.edu/%7ejohnh/PAPERS/Hussain03c.pdf",
myorganization = "USC/Information Sciences Institute",
copyrightholder = "authors",
abstract = "
Denial-of-service attacks on the Internet today are often launched
from zombies, multiple compromised machines controlled by an
attacker. Attackers often take control of a number of zombies and then
repeatedly use this army to attack a target several times, or to
attack several targets. In this paper, we propose a method to identify
repeated attack scenarios, that is, the combination of a particular
set of hosts and attack tool. Such identification would help a victim
coordinate response to an attack, and ideally would be a useful part
of legal actions. Because packet contents can be forged by the
attacker, we identify an attack scenario by spectral analysis of the
arrival stream of attack traffic. The attack spectrum is derived from
the characteristics of the attack machines and can therefore be
obscured only by reducing attack effectiveness. We designed a
multi-dimensional maximum-likelihood classifier to identify repeated
attack scenarios. To validate this procedure we apply our approach on
real-world attacks captured at a regional ISP, identifying similar
attacks first by header contents (when possible) and comparing these
results to our process. We conduct controlled experiments to identify
and isolate factors that affect the attack fingerprint.
",
}