Charging from sampled network usage
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security)
Exploiting underlying structure for detailed reconstruction of an internet-scale event
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
The spoofer project: inferring the extent of source address filtering on the internet
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
LADS: large-scale automated DDOS detection system
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
Dynamic connectivity management with an intelligent route service control point
Proceedings of the 2006 SIGCOMM workshop on Internet network management
PRIMED: community-of-interest-based DDoS mitigation
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Minimizing collateral damage by proactive surge protection
Proceedings of the 2007 workshop on Large scale attack defense
Security management with scalable distributed IP traceback
IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
Communities of interest for internet traffic prioritization
INFOCOM'09 Proceedings of the 28th IEEE international conference on Computer Communications Workshops
Computers & Mathematics with Applications
Collaborative, privacy-preserving data aggregation at scale
PETS'10 Proceedings of the 10th international conference on Privacy enhancing technologies
Witnessing distributed denial-of-service traffic from an attacker's network
Proceedings of the 7th International Conference on Network and Services Management
Optimal source-based filtering of malicious traffic
IEEE/ACM Transactions on Networking (TON)
| Hi-index | 0.00 |
We present a measurement study analyzing DDoS attacks from multiple data sources, relying on both direct measurements of flow-level information, and more traditional indirect measurements using backscatter analysis. Understanding the nature of DDoS attacks is critically important to the development of effective counter measures to this pressing problem. While much of the community's current understanding of DDoS attacks result from indirect measurements, our analysis suggests that such studies do not give a comprehensive view of DDoS attacks witnessed in today's Internet. Specifically, our results suggest little use of address spoofing by attackers, which imply that such attacks will be invisible to indirect backscatter measurement techniques. Further, at the detailed packet-level characterization (e.g., attack destination ports), there are significant differences between direct and indirect measurements. Thus, there is tremendous value in moving towards direct observations to better understand DDoS attacks. Direct measurements additionally provide information inaccessible to indirect measurements, enabling us to better understand how to defend against attacks. We find that for 70% of the attacks fewer than 50 source ASes are involved and a relatively small number of ASes produce nearly 72% of the total attack volume. This suggests that network providers can reduce a substantial volume of malicious traffic with targeted deployment of DDoS defenses.