DDoS family: A novel perspective for massive types of DDoS attacks
Distributed Denial of Service (DDoS) defense is a profound research problem. In recent years, adversaries tend to complicate their attack strategies by crafting vast DDoS variants. On the one hand, this trend exacerbates both extremes of classification granularity (i.e., binary and attack level) in...
Saved in:
| Main Authors: | , , , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2024
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/8562 https://ink.library.smu.edu.sg/context/sis_research/article/9565/viewcontent/COSE24_pv.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-9565 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-95652024-10-17T06:30:30Z DDoS family: A novel perspective for massive types of DDoS attacks ZHAO, Ziming LI, Zhaoxuan ZHOU, Zhihao YU, Jiongchi SONG, Zhuoxue XIE, Xiaofei ZHANG, Fan ZHANG, Rui Distributed Denial of Service (DDoS) defense is a profound research problem. In recent years, adversaries tend to complicate their attack strategies by crafting vast DDoS variants. On the one hand, this trend exacerbates both extremes of classification granularity (i.e., binary and attack level) in existing machine learning methods. On the other hand, massive attack categories make the filter rule table bulky, as well as cause problems of slow reaction presented in the recent state-of-the-art DDoS mitigation system. Therefore, we propose the concept of a DDoS family to reconcile/cope with these issues. The specific technical roadmap includes traffic pattern characterization, attack fingerprint production, and cross-executed family partition by community detection. Through extensive evaluations, we demonstrate the benefits of the proposal in terms of portraying similarities, guiding model classification/unknown attack detection, optimizing defense strategies, and speeding filtering reactions. For instance, our results show that using only one rule can defend 15 types of attacks due to their homogeneous behavioral representation. Particularly, we find the interesting observation that counting the backward packet is more efficient and robust against some attacks (e.g., Tor's Hammer Attack), which is very different from previous solutions. 2024-03-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/8562 info:doi/10.1016/j.cose.2023.103663 https://ink.library.smu.edu.sg/context/sis_research/article/9565/viewcontent/COSE24_pv.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Backward packet statistics Community detection DDoS attack family Defense strategy Traffic fingerprint construction Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Backward packet statistics Community detection DDoS attack family Defense strategy Traffic fingerprint construction Information Security |
| spellingShingle |
Backward packet statistics Community detection DDoS attack family Defense strategy Traffic fingerprint construction Information Security ZHAO, Ziming LI, Zhaoxuan ZHOU, Zhihao YU, Jiongchi SONG, Zhuoxue XIE, Xiaofei ZHANG, Fan ZHANG, Rui DDoS family: A novel perspective for massive types of DDoS attacks |
| description |
Distributed Denial of Service (DDoS) defense is a profound research problem. In recent years, adversaries tend to complicate their attack strategies by crafting vast DDoS variants. On the one hand, this trend exacerbates both extremes of classification granularity (i.e., binary and attack level) in existing machine learning methods. On the other hand, massive attack categories make the filter rule table bulky, as well as cause problems of slow reaction presented in the recent state-of-the-art DDoS mitigation system. Therefore, we propose the concept of a DDoS family to reconcile/cope with these issues. The specific technical roadmap includes traffic pattern characterization, attack fingerprint production, and cross-executed family partition by community detection. Through extensive evaluations, we demonstrate the benefits of the proposal in terms of portraying similarities, guiding model classification/unknown attack detection, optimizing defense strategies, and speeding filtering reactions. For instance, our results show that using only one rule can defend 15 types of attacks due to their homogeneous behavioral representation. Particularly, we find the interesting observation that counting the backward packet is more efficient and robust against some attacks (e.g., Tor's Hammer Attack), which is very different from previous solutions. |
| format |
text |
| author |
ZHAO, Ziming LI, Zhaoxuan ZHOU, Zhihao YU, Jiongchi SONG, Zhuoxue XIE, Xiaofei ZHANG, Fan ZHANG, Rui |
| author_facet |
ZHAO, Ziming LI, Zhaoxuan ZHOU, Zhihao YU, Jiongchi SONG, Zhuoxue XIE, Xiaofei ZHANG, Fan ZHANG, Rui |
| author_sort |
ZHAO, Ziming |
| title |
DDoS family: A novel perspective for massive types of DDoS attacks |
| title_short |
DDoS family: A novel perspective for massive types of DDoS attacks |
| title_full |
DDoS family: A novel perspective for massive types of DDoS attacks |
| title_fullStr |
DDoS family: A novel perspective for massive types of DDoS attacks |
| title_full_unstemmed |
DDoS family: A novel perspective for massive types of DDoS attacks |
| title_sort |
ddos family: a novel perspective for massive types of ddos attacks |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2024 |
| url |
https://ink.library.smu.edu.sg/sis_research/8562 https://ink.library.smu.edu.sg/context/sis_research/article/9565/viewcontent/COSE24_pv.pdf |
| _version_ |
1814047944177876992 |