nach oben

Erschienen in:

2014 | OriginalPaper | Buchkapitel

2. Malicious Networks for DDoS Attacks

verfasst von : Shui Yu

Erschienen in: Distributed Denial of Service Attack and Defense

Verlag: Springer New York

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In this chapter, we explore botnet, the engine of DDoS attacks, in cyberspace. We focus on two recent techniques that hackers are using to sustain their malicious networks, fast fluxing and domain fluxing. We present the mechanisms of these two techniques and also survey the detection and anti-attack methods that have been proposed against them in literature.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel An Overview of DDoS Attacks

Nächstes Kapitel DDoS Attack Detection

T. Peng, C. Leckie, and K. Ramamohanarao, “Survey of network-based defense mechanisms countering the dos and ddos problems,” ACM Computing Survey, vol. 39, no. 1, 2007.

M. Edman and B. Yener, “On anonymity in an electronic society: A survey of anonymous communication systems,” ACM Computing Survey, vol. 42, no. 1, 2009.

B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, and G. Vigna, “Your botnet is my botnet: Analysis of a botnet takeover,” in Proceedings of the ACM conference on computer communication security, 2009, pp. 635–647.

C. Y. Cho, J. Caballero, C. Grier, V. Paxson, and D. Song, “Insights from the inside: A view of botnet management from infiltration,” in Proceedings of USENIX LEET, 2010.

Z. Li, A. Goyal, Y. Chen, and V. Paxson, “Towards situational awareness of large-scale botnet probing events,” IEEE Transactions on Information Forensics and Security, vol. 6, no. 1, pp. 175–188, 2011.CrossRef

C. A. Shue, A. J. Kalafut, and M. Gupta, “Abnormally malicious autonomous systems and their internet connectivity,” IEEE/ACM Transactions on Networking, vol. 20, no. 1, pp. 220–230, 2012.CrossRef

M. A. Rajab, J. Zarfoss, F. Monrose, and A. Terzis, “My botnet is bigger than yours (maybe, better than yours): why size estimates remain challenging,” in Proceedings of the first conference on Hot Topics in Understanding Botnets, 2007.

N. Jiang, J. Cao, Y. Jin, L. E. Li, and Z.-L. Zhang, “Identifying suspicious activities through dns failure graph analysis,” in Proceedings of the IEEE International Conference on Network Protocols, 2010, pp. 144–153.

S. Yadav, A. K. K. Reddy, A. L. N. Reddy, and S. Ranjan, “Detecting algorithmically generated malicious domain names,” in Proceedings of the Internet Measurement Conference, 2010, pp. 48–61.

10.

V. L. L. Thing, M. Sloman, and N. Dulay, “A survey of bots used for distributed denial of service attacks,” in Proceedings of the SEC, 2007, pp. 229–240.

11.

N. Ianelli and A. Hackworth, “Botnets as vehicle for online crime,” in Proceedings of the 18th Annual FIRST Conference, 2006.

12.

P. Wang, S. Sparks, and C. C. Zou, “An advanced hybrid peer-to-peer botnet,” IEEE Transactions on Dependable and Secure Computing, vol. 7, no. 2, pp. 113–127, 2010.CrossRef

13.

M. Bailey, E. Cooke, F. Jahanian, Y. Xu, and M. Karir, “A survey of botnet technology and defenses,” in Proceedings of the cybersecurity applications and technology conference for Homeland security, 2009.

14.

Symantec, “Cutwails bounce-back; instant messages can lead to instant malware,” http://www.messagelabs.com/mlireport, 2009.

15.

P. Bacher, T. Holz, M. Kotter, and G. Wicherski, “Know your enemy: Tracking botnets,” http://www.honeynet.org/papers/bots, 2008.

16.

Y. Tang and S. Chen, “Defending against internet worms: a signature-based approach,” in Proceedings of the INFOCOM, 2005, pp. 1384–1394.

17.

C. Li, W. Jiang, and X. Zou, “Botnet: Survey and case study,” in Proceedings of the ICICIC, 2009, pp. 1184–1187.

18.

J. R. Binkley and S. Singh, “An algorithm for anomaly-based botnet detection,” in Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet – Volume 2. USENIX Association, 2006.

19.

A. Karasaridis, B. Rexroad, and D. Hoeflin, “Wide-scale botnet detection and characterization,” in Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets. USENIX Association, 2007.

20.

M. Feily, A. Shahrestani, and S. Ramadass, “A survey of botnet and botnet detection,” in Proceedings of the SECURWARE, June 2009, pp. 268–273.

21.

Honeynet, “How fast-flux service network work,” http://www.honeynet.org/node/132, 2008.

22.

S. Yu, S. Zhou, and S. Wang, “Fast-flux attack network identification based on agent lifespan,” in Proceedings of the WCNIS, June 2010, pp. 658 –662.

23.

C. V. Zhou, C. Leckie, and S. Karunasekera, “Collaborative detection of fast flux phishing domains,” Journal of Networks, vol. 4, no. 1, pp. 75–84, 2009.CrossRef

24.

T. Holz, C. Gorecki, K. Rieck, and F. C. Freiling, “Measuring and detecting fast-flux service networks,” in Proceedings of the NDSS, 2008.

25.

C. V. Zhou, C. Leckie, S. Karunasekera, and T. Peng, “A Self-healing, Self-protecting, Collaborative Intrusion Detection Architecture to Trace-back Fast-flux Phishing Domains,” in Proceedings of the 2nd IEEE Workshop on Autonomic Communication and Network Management, Apr. 2008.

26.

A. Caglayan, M. Toothaker, D. Drapeau, D. Burke, and G. Eaton, “Real-time detection of fast flux service networks,” in Proceedings of Homeland Security, 2009, pp. 285–292.

27.

R. Perdisci, I. Corona, D. Dagon, and W. Lee, “Detecting malicious flux service networks through passive analysis of recursive dns traces,” in Proceedings of the Computer Security Applications Conference, 2009, pp. 311–320.

28.

P. Amini, “Kraken botnet infiltration,” http://dvlabs.tippingpoint.com/blog/2008/04/28/kraken-botnet-infiltration, 2008.

29.

P. Porras, H. Saidi, and V. Yegneswaran, “A foray into conficker’s logic and rendezvous points,” in Proceedings of the LEET, 2009.

30.

J. Wolf, “Technical details of srizbi’s domain generation algorithm,” http://blog.fireeye.com/research/2008/11/technical-details-of-srizbis-domain-generation-algorithm.html, 2008.

31.

C. Kanich, K. Levchenko, B. Enright, G. M. Voelker, and S. Savage, “The heisenbot uncertainty problem: Challenges in separating bots from chaff.” in Proceedings of the LEET. USENIX Association, 2008.

32.

J. Ma, L. K. Saul, S. Savage, and G. M. Voelker, “Beyond blacklists: learning to detect malicious web sites from suspicious urls,” in Proceedings of the ACM SIGKDD. ACM, 2009, pp. 1245–1254.

33.

S. S. Justin Ma, Lawrence Saul and G. Voelker, “Identifying suspicious urls: An application of large-scale online learning,” in In Proc. of the International Conference on Machine Learning (ICML), 2009.

34.

N. Jiang, J. Cao, Y. Jin, L. Li, and Z.-L. Zhang, “Identifying suspicious activities through dns failure graph analysis,” in Proceedings of Network Protocols (ICNP), oct. 2010, pp. 144–153.

35.

V. Pappas, D. Wessels, D. Massey, S. Lu, A. Terzis, and L. Zhang, “Impact of configuration errors on dns robustness,” Selected Areas in Communications, IEEE Journal, vol. 27, pp. 275–290, 2009.

36.

Z. Zhu, V. Yegneswaran, and Y. Chen, “Using failure information analysis to detect enterprise zombies.” in SecureComm, vol. 19. Springer, 2009, pp. 185–206.

37.

D. Plonka and P. Barford, “Context-aware clustering of dns query traffic,” in Proceedings of the 8th ACM SIGCOMM conference on Internet measurement. ACM, 2008, pp. 217–230.

38.

Y. Jin, E. Sharafuddin, and Z. L. Zhang, “Unveiling core network-wide communication patterns through application traffic activity graph decomposition,” in Proceedings of the 11th international joint conference on Measurement and modeling of computer systems. ACM, 2009, pp. 49–60.

39.

P. Prakash, M. Kumar, R. Kompella, and M. Gupta, “Phishnet: Predictive blacklisting to detect phishing attacks,” in Proceedings of the INFOCOM, 2010, pp. 1–5.

40.

S. Yadav, A. K. K. Reddy, A. N. Reddy, and S. Ranjan, “Detecting algorithmically generated malicious domain names,” in Proceedings of the 10th annual conference on Internet measurement. ACM, 2010, pp. 48–61.

41.

C. C. Zou, W. Gong, D. F. Towsley, and L. Gao, “The monitoring and early detection of internet worms,” IEEE/ACM Transactions on Networking, vol. 13, no. 5, pp. 961–974, 2005.CrossRef

42.

S. H. Sellke, N. B. Shroff, and S. Bagchi, “Modeling and automated containment of worms,” IEEE Transactions on Dependable and Secure Computing, vol. 5, no. 2, pp. 71–86, 2008.CrossRef

43.

D. Dagon, C. Zou, and W. Lee, “Modeling botnet propagation using time zones,” in Proceedings of the 13th Network and Distributed System Security Symposium NDSS, 2006.

44.

A. J. Ganesh, L. Massoulié, and D. F. Towsley, “The effect of network topology on the spread of epidemics,” in Proceedings of the INFOCOM, 2005, pp. 1455–1466.

45.

J. Omic, A. Orda, and P. V. Mieghem, “Protecting against network infections: A game theoretic perspective,” in Proceedings of the INFOCOM, 2009.

46.

P. V. Mieghem, J. Omic, and R. Kooij, “Virus spread in networks,” IEEE/ACM Transactions on Networking, vol. 17, no. 1, pp. 1–14, 2009.CrossRef

47.

Z. Chen and C. Ji, “An information-theoretic view of network-aware malware attacks,” IEEE Transactions on Information Forensics and Security, vol. 4, no. 3, pp. 530–541, 2009.CrossRef

48.

M. Steiner, T. En-Najjary, and E. W. Biersack, “Long term study of peer behavior in the kad dht,” IEEE Transactions on Networking, vol. 17, no. 5, pp. 1371–1384, 2009.CrossRef

49.

D. Stutzbach and R. Rejaie, “Understanding churn in peer-to-peer networks,” in Proceedings of the Internet Measurement Conference, 2006, pp. 189–202.

50.

S. Sen and J. Wang, “Analyzing peer-to-peer traffic across large networks,” IEEE/ACM Transactions on Networking, vol. 12, no. 2, pp. 219–232, 2004.CrossRef

51.

D. J. Daley and J. Gani, Epidemic Modelling: An Introduction. Cambridge University Press, 1999.

52.

N. Bailey, The Mathematical Theory of Epidemics. John Wiley & Sons, 1957.

Titel: Malicious Networks for DDoS Attacks
verfasst von: Shui Yu
Verlag: Springer New York
Buch: Distributed Denial of Service Attack and Defense
Print ISBN: 978-1-4614-9490-4

Electronic ISBN: 978-1-4614-9491-1

Copyright-Jahr: 2014
DOI: https://doi.org/10.1007/978-1-4614-9491-1_2

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner