Finding DDoS attack sources: Searchlight localization algorithm for network tomography
| Published in: | 2011 7th International Wireless Communications and Mobile Computing Conference, pp. 418-423 |
|---|---|
| Main Authors: | Demir, Omer; Khan, Bilal |
| Format: | Conference Proceeding |
| Language: | English |
| Published: | IEEE, 01.07.2011 |
| ISBN: | 9781424495399, 1424495393 |
| ISSN: | 2376-6492 |
| Abstract | Among the challenges facing the Internet, DoS/DDoS attacks are a critical concern for Internet Service Providers. DDoS attacks can cause country-wide infrastructure problems and can disrupt communications on a national level. Frequently, Botnets are used to carry out source-spoofed DDoS attacks. The problem of tracing such attacks has been the subject of significant inquiry. Here, we leverage the fact that a Botnet requires significant exposure to risk, and investments of time and resources. Thus, as a capital resource, it is likely that a Botnet will, over its lifespan, be used to execute multiple criminal DDoS attacks on different targets. Here, we report on new techniques that leverage information obtained over sequences of source-spoofed, Botnet-led DDoS attacks, demonstrating the efficacy of these techniques at pinpointing potential attacker locations. DDoS attack flow descriptions can be collected in many ways, using coordinated DDoS sensor agents (e.g. as described by the authors previously in). Here, as a theoretical contribution, we provide a formal statement of the attacker localization problem. We develop a new algorithm for localizing attack sources from sequences of DDoS attacks. |
|---|---|
| Author | Demir, Omer (omerdemirkos@gmail.com; Gen. Directorate of Security, Dept. of Inf. Technol., Turkish Nat. Police, Ankara, Turkey); Khan, Bilal (bkhan@jjay.cuny.edu; Dept. of Math. & Comput. Sci., CUNY, New York, NY, USA) |
| DOI | 10.1109/IWCMC.2011.5982570 |
| EISBN | 1424495385, 9781424495375, 1424495377, 9781424495382 |
| SubjectTerms | Computer crime; Computer hacking; DDoS; Electronic mail; Internet; Investments; Routing; Silicon; source localization; source spoofing |
| URI | https://ieeexplore.ieee.org/document/5982570 |

