• DocumentCode
    2733062
  • Title

    Finding DDoS attack sources: Searchlight localization algorithm for network tomography

  • Author

    Demir, Omer ; Khan, Bilal

  • Author_Institution
    Gen. Directorate of Security, Dept. of Inf. Technol., Turkish Nat. Police, Ankara, Turkey
  • fYear
    2011
  • fDate
    4-8 July 2011
  • Firstpage
    418
  • Lastpage
    423
  • Abstract
    Among the challenges facing the Internet, DoS/DDoS are a critical concern for Internet Service Providers. DDoS attacks can cause country-wide infrastructure problems, and can disrupt communications on a national level. Frequently, Botnets are used to carry out source-spoofed DDoS attacks. The problem of tracing such attacks has been the subject of significant inquiry. Here, we leverage the fact that a Botnet requires significant exposure to risk, and investments of time and resources. Thus, as a capital resource, it is likely that a Botnet will, over its lifespan, be used to execute multiple criminal DDoS attacks on different targets. Here, we report on new techniques that leverage information obtained over sequences of source-spoofed, Botnet-led DDoS attacks, demonstrating the efficacy of these techniques at pinpointing potential attacker locations. DDoS attack flow descriptions can be collected in many ways, using coordinated DDoS sensor agents (e.g. as described by the authors previously in). Here, as a theoretical contribution, we provide a formal statement of the attacker localization problem. We develop a new algorithm for localizing attack sources from sequences of DDoS attacks.
  • Keywords
    Internet; computer network security; software agents; Internet service provider; attacker localization problem; botnets; coordinated DDoS sensor agents; network tomography; searchlight localization algorithm; source-spoofed DDoS attacks; Computer crime; Computer hacking; Electronic mail; Internet; Investments; Routing; Silicon; DDoS; source localization; source spoofing;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Wireless Communications and Mobile Computing Conference (IWCMC), 2011 7th International
  • Conference_Location
    Istanbul
  • Print_ISBN
    978-1-4244-9539-9
  • Type

    conf

  • DOI
    10.1109/IWCMC.2011.5982570
  • Filename
    5982570