Tracing the origins of distributed denial of service attacks
Research output: Chapter in Book/Report/Conference proceeding › Chapter (peer-reviewed) › peer-review
Distributed Denial of Service (DDoS) attacks, the cousin of Denial of Service (DoS) attacks, paralyse their target resource and on occasion inflict permanent damage, preventing it from serving its legitimate users. DoS has long been a method of cyber attack used to render a host unavailable to its users, through various methods that either consume the victim's resources or force it into a reset. Either way, the target host is unable to serve its legitimate users. More recently DDoS attacks have become popular, commonly in the form of SYN flooding and exploitation of the HTTP GET method. The majority of DDoS attacks make use of a botnet: a large group of unwillingly infected computers that can be unknowingly commanded to carry out a DoS attack on a specific target. IP spoofing, commonly used in such DDoS attacks, makes it difficult for attacks to be traced. This paper looks at the problems faced by victims of DDoS and proposes a new method of finding the origin of an attack when the IP has been spoofed. The proposed method builds upon current techniques of tracing the attack back and uncovering the perpetrator's IP by reconstructing attack paths and computationally comparing them to identify false positives in the trace. This in turn will provide a more accurate traceback path to the perpetrator, with the aim of eliminating the DDoS promptly.
|Title of host publication||Enterprise management information systems|
|Editors||Y. Papadopoulos, P. Petratos|
|Place of Publication||Athens, Greece|
|Number of pages||10|
|Publication status||Published - 2012|