Tracing the origins of distributed denial of service attacks

Amanda Peart, Penny Ross, R. Raynsford

Research output: Contribution to conferencePaperpeer-review

153 Downloads (Pure)


Distributed Denial of Service (DDoS) attacks, the cousin of Denial of Service (DoS), paralyse their target resource and on occasion inflict permanent damage, preventing it from serving its legitimate users. DoS (Denial of Service) has long been a method of cyber attack to render a host unavailable to its users through the use of various methods that either consume the victims resources or force it into a reset. Either way the target host is unable to serve it's legitimate users. More recently DDoS attacks have become popular, commonly in the form of SYN flooding and exploitation of the HTTP GET method. The majority of DDoS attacks make use of a bot-net, using a large group of unwillingly infected computers that can be unknowingly commanded to carry out a DoS attack on a specific target. IP spoofing commonly used in such DDoS attacks makes it difficult for attacks to be traced, this paper will look at the problems faced by victims of DDoS and proposes a new method of finding the origin of attack when the IP has been spoofed. The proposed method builds upon current techniques of tracing the attack back and uncovering the perpetrator's IP by reconstructing attacks paths and computationally comparing them to identify false positives in the trace. This in turn will provide a more accurate trace back path to the perpetrator with the aim to eliminate the DDoS promptly.
Original languageEnglish
Publication statusPublished - 13 Jun 2011
EventATINER 7th Annual International Conference on Computer Science & Information Systems - Athens, Greece
Duration: 13 Jun 201116 Jun 2011


ConferenceATINER 7th Annual International Conference on Computer Science & Information Systems


  • Distributed Denial of Service
  • Security
  • IP spoofing
  • Denial of Service


Dive into the research topics of 'Tracing the origins of distributed denial of service attacks'. Together they form a unique fingerprint.

Cite this