•   When: Friday, May 08, 2015 from 12:00 PM to 01:00 PM
  •   Speakers: An Wang
  •   Location: Nguyen Engineering, Room 4201
  •   Export to iCal


Internet DDoS attacks are prevalent but hard to defend against, partially due to the volatility of the attacking methods and patterns used by attackers. Understanding the latest of DDoS attacks can provide new insights for effective defense. But most of existing understandings are based on indirect traffic measures (e.g., backscatters) or traffic seen locally (e.g., in an ISP or from a botnet). In this study, we present an in-depth study based on 50,704 different Internet DDoS attacks directly observed in a seven-month period. These attacks were launched by 674 botnets from 23 different botnet families with a total of 9026 victim IPs belonging to 1074 organizations in 186 countries. Our analysis reveals several interesting findings about today's Internet DDoS attacks.

Some highlights include:

(1) the geolocation analysis shows that the geospatial distribution of the attacking sources follows certain patterns, which enables very accurate source prediction of future attacks for most active botnet families; (2) from the target perspective, multiple attacks to the same target also exhibit strong patterns on inter-attack time interval, allowing accurate start time prediction of next anticipated attacks from certain botnet families; (3) there is a trend for different botnets in a family and from different families to collaborate on attacking the same target, simultaneously or in turn. These findings add to the existing literature on the understanding of today's Internet DDoS attacks, and offer new insights for designing new defense schemes at different levels.

Speaker's Bio

An Wang is a 3rd year Ph.D. student of Computer Science Department at George Mason University. Her research interests include software defined networking and network/system security.

Posted 1 year, 3 months ago