Tracing the origins of distributed denial of service attacks

Amanda Peart, R. Raynsford, Penny Ross

Research output: Chapter in Book/Report/Conference proceedingChapter (peer-reviewed)peer-review

Abstract

Distributed Denial of Service (DDoS) attacks, the cousin of Denial of Service (DoS), paralyse their target resource and on occasion inflict permanent damage, preventing it from serving its legitimate users. DoS (Denial of Service) has long been a method of cyber attack to render a host unavailable to its users through the use of various methods that either consume the victims resources or force it into a reset. Either way the target host is unable to serve it's legitimate users. More recently DDoS attacks have become popular, commonly in the form of SYN flooding and exploitation of the HTTP GET method. The majority of DDoS attacks make use of a bot-net, using a large group of unwillingly infected computers that can be unknowingly commanded to carry out a DoS attack on a specific target. IP spoofing commonly used in such DDoS attacks makes it difficult for attacks to be traced, this paper will look at the problems faced by victims of DDoS and proposes a new method of finding the origin of attack when the IP has been spoofed. The proposed method builds upon current techniques of tracing the attack back and uncovering the perpetrator's IP by reconstructing attacks paths and computationally compared them to identify false positives in the trace. This in turn will provide a more accurate trace back path to the perpetrator with the aim to eliminate the DDoS promptly.
Original languageEnglish
Title of host publicationEnterprise management inforrmation systems
EditorsY. Papadopoulos, P. Petratos
Place of PublicationAthens Greece
PublisherAtiner
Pages27-36
Number of pages10
ISBN (Print)9789609549608
Publication statusPublished - 2012

Keywords

  • Distributed Denial of Service
  • Security
  • IP spoofing
  • Denial of Service

Fingerprint

Dive into the research topics of 'Tracing the origins of distributed denial of service attacks'. Together they form a unique fingerprint.

Cite this