Profiling DRDoS Attacks with Data Analytics Pipeline

Abstract: A large number of Distributed Reflective Denial-of-Service (DRDoS) attacks are launched every day, yet our understanding of the modus operandi of their perpetrators is still very limited, as we are submerged with so much Big Data to analyze and do not have reliable and complete ways to validate our findings. In this paper, we propose a first analytic pipeline that enables us to cluster and characterize attack campaigns into several main profiles that exhibit similarities. These similarities are due to common technical properties of the underlying infrastructures used to launch these attacks. Although we do not have access to the ground truth and do not know how many perpetrators are acting behind the scenes, we can group their attacks based on relevant commonalities with cluster ensembling to estimate their number and capture their profiles over time. Specifically, our results show that we can repeatably identify and group together common profiles of attacks while considering domain expert constraints in the cluster ensembles. From the obtained consensus clusters, we can generate comprehensive rules that characterize past campaigns and that can be used for classifying the next ones despite the evolving nature of the attacks. Such rules can be further used to filter out garbage traffic in Internet Service Provider networks.
Document type: Conference paper
the 2017 ACM, Nov 2017, Singapore, Singapore. ACM Press, the 2017 ACM, 〈10.1145/3132847.3133155〉

https://hal.archives-ouvertes.fr/hal-01829013
Contributor: Laure Berti-Equille
Submitted on: Tuesday, July 3, 2018 - 16:29:18
Last modified on: Tuesday, March 19, 2019 - 01:24:03
Document(s) archived on: Monday, October 1, 2018 - 08:12:11

File

CIKM2017.pdf
Files produced by the author(s)

Citation

Laure Berti-Équille, Yury Zhauniarovich. Profiling DRDoS Attacks with Data Analytics Pipeline. the 2017 ACM, Nov 2017, Singapore, Singapore. ACM Press, the 2017 ACM, 〈10.1145/3132847.3133155〉. 〈hal-01829013〉
