TY - GEN
T1 - Visualization of actionable knowledge to mitigate DRDoS attacks
AU - Aupetit, Michael
AU - Zhauniarovich, Yury
AU - Vasiliadis, Giorgos
AU - Dacier, Marc
AU - Boshmaf, Yazan
N1 - Generated from Scopus record by KAUST IRTS on 2022-09-12
PY - 2016/11/8
Y1 - 2016/11/8
N2 - Distributed Reflective Denial of Service attacks (DRDoS) represent an ever growing security threat. These attacks are characterized by spoofed UDP traffic that is sent to genuine machines, called amplifiers, whose response to the spoofed IP, i.e. the victim machine, is amplified and could be 500 times larger in size than the originating request. In this paper, we provide a method and a tool for Internet Service Providers (ISPs) to assess and visualize the amount of traffic that enters and leaves their network in case it contains innocent amplifiers. We show that amplified traffic usually goes undetected and can consume a significant bandwidth, even when a small number of amplifiers is present. The tool also enables ISPs to simulate various rule-based mitigation strategies and estimate their impact, based on real-world data obtained from amplification honeypots.
AB - Distributed Reflective Denial of Service attacks (DRDoS) represent an ever growing security threat. These attacks are characterized by spoofed UDP traffic that is sent to genuine machines, called amplifiers, whose response to the spoofed IP, i.e. the victim machine, is amplified and could be 500 times larger in size than the originating request. In this paper, we provide a method and a tool for Internet Service Providers (ISPs) to assess and visualize the amount of traffic that enters and leaves their network in case it contains innocent amplifiers. We show that amplified traffic usually goes undetected and can consume a significant bandwidth, even when a small number of amplifiers is present. The tool also enables ISPs to simulate various rule-based mitigation strategies and estimate their impact, based on real-world data obtained from amplification honeypots.
UR - http://ieeexplore.ieee.org/document/7739577/
UR - http://www.scopus.com/inward/record.url?scp=85006855046&partnerID=8YFLogxK
U2 - 10.1109/VIZSEC.2016.7739577
DO - 10.1109/VIZSEC.2016.7739577
M3 - Conference contribution
SN - 9781509016051
BT - 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016
PB - Institute of Electrical and Electronics Engineers Inc.
ER -