Fingerprinting internet DNS amplification DDoS Activities

2014 6th International Conference on New Technologies, Mobility and Security - Proceedings of NTMS 2014 Conference and Workshops

Volumn , Issue , 2014, Pages

  Fachkha, Claude ^a   Bou Harb, Elias ^a   Debbabi, Mourad ^a  

^a Computer Security Laboratory CIISE Concordia University and NCFTA Canada ^*  (Canada)

Author keywords

[No Author keywords available]

Indexed keywords

DENIAL-OF-SERVICE ATTACK; INTERNET; NETWORK LAYERS; NETWORK SECURITY;

ADDRESS SPACE; ANTI-SPAM; BACK-SCATTERED; CYBER SECURITY; DARKNET; DDOS ATTACK; DISTRIBUTED DENIAL OF SERVICE; PACKET SIZE;

INTERNET PROTOCOLS;

EID: 84901454848     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/NTMS.2014.6814019     Document Type: Conference Paper

References (26)

1. Arbor Networks. 2012 Infrastructure Security Report.[Online]. Available: http://tinyurl.com/ag6tht4
2. US-CERT. DNS Amplification Attacks-Alert (TA13-088A).[Online]. Available: http://tinyurl.com/bp4xud4
3. Ars Technica. When spammers go to war: Behind the Spamhaus DDoS.[Online]. Available: http://tinyurl.com/d9vkegg
4. CloudFlare blog. The DDoS That Knocked Spamhaus Offline.[Online]. Available: http://tinyurl.com/d46gpkj
5. D. Moore et al., Inferring internet denial-of-service activity, in In Proceedings of the 10th Usenix Security Symposium, 2001.
6. Fachkha et al., Towards a forecasting model for distributed denial of service activities, in the 12th IEEE International Symposium on Network Computing and Applications (NCA), 2013, 2013, pp. 110-117.
7. Bou-Harb et al., A statistical approach for fingerprinting probing activities, in the Eighth International Conference on Availability, Reliability and Security (ARES), 2013. IEEE, 2013, pp. 21-30.
8. Dainotti et al., Analysis of a/0 stealth scan from a botnet, in Proceedings of the 2012 ACM conference on Internet measurement conference. ACM, 2012, pp. 1-14.
9. D. Moore et al., Inferring internet denial-of-service activity, ACM Transactions on Computer Systems (TOCS), 2006.
10. CAIDA. Cooperative Association for Internet Data Analysis.[Online]. Available: http://www.caida.org
11. Fadlullah et al., Dtrab:combating against attacks on encrypted protocols through traffic-feature analysis, IEEE/ACM Transactions on Networking (TON), vol. 18, no. 4, pp. 1234-1247, 2010.
12. Yao et al., Passive ip traceback: capturing the origin of anonymous traffic through network telescopes, SIGCOMM Comput. Commun. Rev., vol. 41, no. 4, Aug. 2010.
13. J. Bi, P. Hu, and P. Li, Study on classification and characteristics of source address spoofing attacks in the internet, in Proceedings of the 2010 Ninth International Conference on Networks. Washington, DC, USA: IEEE Computer Society, 2010.
14. B. Irwin and N. Pilkington, High level internet scale traffic visualization using hilbert curve mapping, in VizSEC 2007. Springer, 2008.
15. J. Oberheide, M. Karir, and Z. M. Mao, Characterizing dark dns behavior, in In Fourth GI International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), 2007.
16. V. Paxson, An analysis of using reflectors for distributed denial-of-service attacks, SIGCOMM Comput. Commun. Rev., 2001.
17. Dagon et al., Corrupted dns resolution paths: The rise of a malicious resolution authority. in NDSS, 2008.
18. Bailey et al., The internet motion sensor, in Proceedings of the 12th ISOC Symposium on Network and Distributed Systems Security (SNDSS), 2005, pp. 167-179.
19. Fachkha et al., Investigating the dark cyberspace: Profiling, threat-based analysis and correlation, in the 7th International Conference on Risk and Security of Internet and Systems (CRiSIS), 2012.
20. Bou-Harb et al., Cyber scanning: Acomprehensive survey, Communications Surveys and Tutorials, 2013.
21. Wustrow et al., Internet background radiation revisited, in Proceedings of the 10th annual conference on Internet measurement. ACM, 2010, pp. 62-74.
22. Staniford et al., The top speed of flash worms, in Proceedings of the 2004 ACM workshop on Rapid malcode, ser. WORM 04. New York, NY, USA: ACM, 2004, pp. 33-42.
23. S. Staniford, J. A. Hoagland, and J. M. McAlerney, Practical automated detection of stealthy portscans, Journal of Computer Security, vol. 10, no. 1, pp. 105-136, 2002.
24. Bloomberg News. Dutch Man Arrested in Spain in Probe of Spamhaus Attack.[Online]. Available: http://tinyurl.com/lzqheb5
25. The Irish Times. Spam dispute results in biggest ever cyber attack.[Online]. Available: http://tinyurl.com/d2xwv9w
26. Luc Rossini. Twitter: Spamhaus is currently under a ddos attack.[Online]. Available: http://tinyurl.com/m7dayxr