You Can Run, But You Can't Hide: An Effective Statistical Methodology to Trace Back DDoS Attackers

Get BibTex-formatted data

Author

Terence K.T. Law, John C.S. Lui, David K.Y. Yau

Entry type

article

Abstract

There is currently an urgent need for effective solutions against distributed denial-of-service (DDoS) attacks directed at many well-known Web sites. Because of increased sophistication and severity of these attacks, the system administrator of a victim site needs to quickly and accurately identify the probable attackers and eliminate the attack traffic. Our work is based on a probabilistic marking algorithm in which an attack graph can be constructed by a victim site. We extend the basic concept such that one can quickly and efficiently deduce the intensity of the "local trafficâ€ generated at each router in the attack graph based on the volume of received marked packets at the victim site. Given the intensities of these local traffic rates, we can rank the local traffic and identify the network domains generating most of the attack traffic. We present our traceback and attacker identification algorithms. We also provide a theoretical framework to determine the minimum stable time t_{min}, which is the minimum time needed to accurately determine the locations of attackers and local traffic rates of participating routers in the attack graph. Entensive experiments are carried out to illustrate that one can accurately determine the minimum stable time t_{min} and, at the same time, determine the location of attackers under various threshold parameters, network diameters, attack traffic distributions, on/off patterns, and network traffic conditions.

Date

2005 – 9 – 1

URL

http://csdl2.computer.org/pers ... OI;=10.1109/TPDS.2005.114

Journal

IEEE Transactions on Parallel and Distributed Systems

Key alpha

Yau

Number

Pages

799-813

Volume

Publication Date

2005-09-01

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Article{ Yau,
	title = "You Can Run, But You Can't Hide: An Effective Statistical Methodology to Trace Back DDoS Attackers",
	author = "Terence K.T. Law, John C.S. Lui, David K.Y. Yau",
	year = "2005",
	month = "9",
	journal = "IEEE Transactions on Parallel and Distributed Systems",
	number = "9",
	pages = "799-813",
	volume = "16",
	day = "1",
	abstract = "There is currently an urgent need for effective solutions against distributed denial-of-service (DDoS) attacks directed at many well-known Web sites. Because of increased sophistication and severity of these attacks, the system administrator of a victim site needs to quickly and accurately identify the probable attackers and eliminate the attack traffic. Our work is based on a probabilistic marking algorithm in which an attack graph can be constructed by a victim site. We extend the basic concept such that one can quickly and efficiently deduce the intensity of the "local trafficâ€ generated at each router in the attack graph based on the volume of received marked packets at the victim site. Given the intensities of these local traffic rates, we can rank the local traffic and identify the network domains generating most of the attack traffic. We present our traceback and attacker identification algorithms. We also provide a theoretical framework to determine the minimum stable time t_{min}, which is the minimum time needed to accurately determine the locations of attackers and local traffic rates of participating routers in the attack graph. Entensive experiments are carried out to illustrate that one can accurately determine the minimum stable time t_{min} and, at the same time, determine the location of attackers under various threshold parameters, network diameters, attack traffic distributions, on/off patterns, and network traffic conditions.",
	url = "http://csdl2.computer.org/persagen/DLAbsToc.jsp?resourcePath=/dl/trans/td/&toc;=comp/trans/td/2005/09/l9toc.xml&DOI;=10.1109/TPDS.2005.114",
}