Delving Into Internet DDoS Attacks By Botnets: Characterization And Analysis
Keywords
data analysis; Network security; predictive models
Abstract
Internet distributed denial of service (DDoS) attacks are prevalent but hard to defend against, partially due to the volatility of the attacking methods and patterns used by attackers. Understanding the latest DDoS attacks can provide new insights for effective defense. But most of the existing understanding is based on indirect traffic measures (e.g., backscatter) or traffic seen locally. In this paper, we present an in-depth analysis based on 50 704 different Internet DDoS attacks directly observed in a seven-month period. These attacks were launched by 674 botnets from 23 different botnet families with a total of 9026 victim IPs belonging to 1074 organizations in 186 countries. Our analysis reveals several interesting findings about today's Internet DDoS attacks. Some highlights include: 1) geolocation analysis shows that the geospatial distribution of the attacking sources follows certain patterns, which enables very accurate source prediction of future attacks for most active botnet families; 2) from the target perspective, multiple attacks on the same target also exhibit strong patterns of inter-attack time interval, allowing accurate start time prediction of the next anticipated attacks from certain botnet families; and 3) there is a trend for different botnets to launch DDoS attacks targeting the same victim, simultaneously or in turn. These findings add to the existing literature on the understanding of today's Internet DDoS attacks and offer new insights for designing new defense schemes at different levels.
Publication Date
12-1-2018
Publication Title
IEEE/ACM Transactions on Networking
Volume
26
Issue
6
Number of Pages
2843-2855
Document Type
Article
Personal Identifier
scopus
DOI Link
https://doi.org/10.1109/TNET.2018.2874896
Copyright Status
Unknown
Scopus ID
85056343741 (Scopus)
Source API URL
https://api.elsevier.com/content/abstract/scopus_id/85056343741
STARS Citation
Wang, An; Chang, Wentao; Chen, Songqing; and Mohaisen, Aziz, "Delving Into Internet DDoS Attacks By Botnets: Characterization And Analysis" (2018). Scopus Export 2015-2019. 9308.
https://stars.library.ucf.edu/scopus2015/9308