Towards Measuring Global DDoS Attack Capacity

2019 11th International Conference on Cyber Conflict (CyCon) Pub Date : 2019-05-01 DOI:10.23919/CYCON.2019.8756851

Arturs Lavrenovs

{"title":"Towards Measuring Global DDoS Attack Capacity","authors":"Arturs Lavrenovs","doi":"10.23919/CYCON.2019.8756851","DOIUrl":null,"url":null,"abstract":"In today's Internet, distributed denial-of-service (DDoS) attacks play an ever-increasing role and constitute a risk to any commercial, military or governmental entity that has a presence on the Internet or simply has an Internet connection. To address this threat on all levels, decision-makers have to rely on trustworthy information regarding attack capacity, sources, and the largest contributors. The lack of this information limits the ability of technicians, policymakers, and other relevant decision-makers to remediate the issue as efficiently as possible. This research introduces a methodology for measuring the properties of individual devices participating in such attacks. These properties include rate limiting, amplification factor, and speed, which allows the calculation of each device's actual contribution to the attack capacity. This methodology was implemented as a proof of concept for the NTP protocol and the results indicate that it has promising potential. Individual measurements aggregated together provide insights into particular abused protocols: all the protocols together could provide the global DDoS attack capacity.","PeriodicalId":114193,"journal":{"name":"2019 11th International Conference on Cyber Conflict (CyCon)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 11th International Conference on Cyber Conflict (CyCon)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/CYCON.2019.8756851","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

In today's Internet, distributed denial-of-service (DDoS) attacks play an ever-increasing role and constitute a risk to any commercial, military or governmental entity that has a presence on the Internet or simply has an Internet connection. To address this threat on all levels, decision-makers have to rely on trustworthy information regarding attack capacity, sources, and the largest contributors. The lack of this information limits the ability of technicians, policymakers, and other relevant decision-makers to remediate the issue as efficiently as possible. This research introduces a methodology for measuring the properties of individual devices participating in such attacks. These properties include rate limiting, amplification factor, and speed, which allows the calculation of each device's actual contribution to the attack capacity. This methodology was implemented as a proof of concept for the NTP protocol and the results indicate that it has promising potential. Individual measurements aggregated together provide insights into particular abused protocols: all the protocols together could provide the global DDoS attack capacity.

查看原文本刊更多论文

试论全球DDoS攻击能力测算

在今天的互联网上，分布式拒绝服务(DDoS)攻击扮演着越来越重要的角色，并对任何在互联网上存在或仅仅具有互联网连接的商业、军事或政府实体构成风险。为了在所有层面上应对这种威胁，决策者必须依赖有关攻击能力、来源和最大贡献者的可靠信息。这些信息的缺乏限制了技术人员、决策者和其他相关决策者尽可能有效地解决问题的能力。本研究介绍了一种测量参与此类攻击的单个设备属性的方法。这些属性包括速率限制、放大因子和速度，从而可以计算出每个设备对攻击能力的实际贡献。该方法作为NTP协议的概念验证实现，结果表明它具有很好的潜力。单独的测量汇总在一起可以提供对特定被滥用协议的洞察:所有协议加在一起可以提供全球DDoS攻击能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 11th International Conference on Cyber Conflict (CyCon)

自引率

0.00%

发文量