你可以跑，但你不能隐藏:一个有效的方法来追踪DDoS攻击者

Proceedings. 10th IEEE International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunications Systems Pub Date : 2002-10-11 DOI:10.1109/MASCOT.2002.1167105

K. Law, John C.S. Lui, David K. Y. Yau

{"title":"你可以跑，但你不能隐藏:一个有效的方法来追踪DDoS攻击者","authors":"K. Law, John C.S. Lui, David K. Y. Yau","doi":"10.1109/MASCOT.2002.1167105","DOIUrl":null,"url":null,"abstract":"With the increase of sophistication and severity of DDoS (distributed denial of service) attack, it is important for a victim site to quickly identify the potential attackers and eliminate their traffic. Our work is based on the probabilistic marking algorithm by Savage et al. (2000) in which an attack graph can be constructed by a victim site. We extend the concept further such that we can deduce the local traffic rate of each router in the attack graph based on the received marked packets. Given the intensities of these local traffic rates, we can eliminate these attackers from sending high volumes of traffic to a victim site. More importantly, we propose a theoretical method to determine the minimum stable time t/sub min/, which is the minimum time it takes to accurately determine the local traffic rate of every participating router in the attack graph.","PeriodicalId":384900,"journal":{"name":"Proceedings. 10th IEEE International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunications Systems","volume":"42 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2002-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":"{\"title\":\"You can run, but you can't hide: an effective methodology to traceback DDoS attackers\",\"authors\":\"K. Law, John C.S. Lui, David K. Y. Yau\",\"doi\":\"10.1109/MASCOT.2002.1167105\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With the increase of sophistication and severity of DDoS (distributed denial of service) attack, it is important for a victim site to quickly identify the potential attackers and eliminate their traffic. Our work is based on the probabilistic marking algorithm by Savage et al. (2000) in which an attack graph can be constructed by a victim site. We extend the concept further such that we can deduce the local traffic rate of each router in the attack graph based on the received marked packets. Given the intensities of these local traffic rates, we can eliminate these attackers from sending high volumes of traffic to a victim site. More importantly, we propose a theoretical method to determine the minimum stable time t/sub min/, which is the minimum time it takes to accurately determine the local traffic rate of every participating router in the attack graph.\",\"PeriodicalId\":384900,\"journal\":{\"name\":\"Proceedings. 10th IEEE International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunications Systems\",\"volume\":\"42 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2002-10-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"15\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings. 10th IEEE International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunications Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MASCOT.2002.1167105\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. 10th IEEE International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunications Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MASCOT.2002.1167105","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 15

摘要

随着DDoS(分布式拒绝服务)攻击的复杂性和严重性的增加，受害者站点快速识别潜在攻击者并消除其流量变得非常重要。我们的工作是基于Savage等人(2000)的概率标记算法，其中攻击图可以由受害者站点构建。我们进一步扩展了这个概念，这样我们就可以根据接收到的标记数据包推断出攻击图中每个路由器的本地流量速率。考虑到这些本地流量率的强度，我们可以消除这些攻击者向受害站点发送大量流量。更重要的是，我们提出了一种确定最小稳定时间t/sub min/的理论方法，这是准确确定攻击图中每个参与路由器的本地流量速率所需的最小时间。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

You can run, but you can't hide: an effective methodology to traceback DDoS attackers

With the increase of sophistication and severity of DDoS (distributed denial of service) attack, it is important for a victim site to quickly identify the potential attackers and eliminate their traffic. Our work is based on the probabilistic marking algorithm by Savage et al. (2000) in which an attack graph can be constructed by a victim site. We extend the concept further such that we can deduce the local traffic rate of each router in the attack graph based on the received marked packets. Given the intensities of these local traffic rates, we can eliminate these attackers from sending high volumes of traffic to a victim site. More importantly, we propose a theoretical method to determine the minimum stable time t/sub min/, which is the minimum time it takes to accurately determine the local traffic rate of every participating router in the attack graph.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings. 10th IEEE International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunications Systems

自引率

0.00%

发文量