Identification of Repeated Denial of Service Attacks

Hussain, Alefiya and Heidemann, John and Papadopoulos, Christos
USC/Information Sciences Institute

Alefiya Hussain, John Heidemann and Christos Papadopoulos 2006. Identification of Repeated Denial of Service Attacks. Proceedings of the IEEE Infocom (Barcelona, Spain, Apr. 2006), to appear.

Abstract

Denial of Service attacks have become a weapon for extortion and vandalism causing damages in the millions of dollars to commercial and government sites. Legal prosecution is a powerful deterrent, but requires attribution of attacks, currently a difficult task. In this paper we propose a method to automatically fingerprint and identify repeated attack scenarios—a combination of attacking hosts and attack tool. Such fingerprints not only aid in attribution for criminal and civil prosecution of attackers, but also help justify and focus response measures. Since packet contents can be easily manipulated, we base our fingerprints on the spectral characteristics of the attack stream which are hard to forge. We validate our methodology by applying it to real attacks captured at a regional ISP and comparing the outcome with header-based classification. Finally, we conduct controlled experiments to identify and isolate factors that affect the attack fingerprint.

Reference

@inproceedings{Hussain06a,
  author = {Hussain, Alefiya and Heidemann, John and Papadopoulos, Christos},
  title = {Identification of Repeated Denial of Service Attacks},
  booktitle = {Proceedings of the  IEEE Infocom},
  year = {2006},
  sortdate = {2006-04-01},
  project = {ant, lander, nocredit, madcat},
  jsubject = {network_security},
  publisher = {IEEE},
  address = {Barcelona, Spain},
  month = apr,
  pages = {to appear},
  location = {johnh: pafile},
  keywords = {network forensics, network traffic
                           fingerprinting, spectral analysis, DDoS},
  url = {http://www.isi.edu/%7ejohnh/PAPERS/Hussain06a.html},
  pdfurl = {http://www.isi.edu/%7ejohnh/PAPERS/Hussain06a.pdf},
  myorganization = {USC/Information Sciences Institute},
  copyrightholder = {IEEE},
  copyrightterms = {
  	Personal use of this material is permitted.  However,
  	permission to reprint/republish this material for advertising
  	or promotional purposes or for creating new collective works
          for resale or redistribution to servers or lists,
  	or to reuse any copyrighted component of this work in other works
  	must be obtained from the IEEE.
  }
}

Copyright

Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.