
2018 | Original Paper | Book chapter

26. On Inferring and Characterizing Large-Scale Probing and DDoS Campaigns

Authors: Elias Bou-Harb, Claude Fachkha

Published in: Computer and Network Security Essentials

Publisher: Springer International Publishing


Abstract

The explosive growth, complexity, adoption, and dynamism of cyberspace over the last decade have radically altered the globe. Many nations have been at the forefront of this change, fully embracing the opportunities provided by advances in science and technology in order to strengthen their economies and increase the productivity of everyday life. However, this heavy dependence on cyberspace has brought new risks that often compromise, exploit, and damage invaluable data and systems. The capability to proactively infer malicious activities is therefore of paramount importance. In this context, generating cyber threat intelligence about probing/scanning and Distributed Denial of Service (DDoS) activities is an effective tactic for achieving that capability.
In this chapter, we investigate such malicious activities by analyzing real Internet-scale traffic targeting network telescopes, or darknets, which consist of routable, allocated yet unused Internet Protocol (IP) addresses. Because no legitimate traffic is destined to such addresses, every packet that reaches them is by construction unsolicited. Specifically, we infer and characterize independent probing and DDoS events, and we address the problem of large-scale orchestrated campaigns, which mark a new era of stealthy and debilitating events. We conclude the chapter by highlighting research gaps that pave the way for future work.
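The abstract describes inferring probing and DDoS events from traffic that reaches a darknet. The script below is an added illustration of the basic darknet-analysis idea, written for this page; it is not the chapter's code or dataset. It applies the classic flag-based heuristic (a SYN aimed at unused space is a probe whose source is the scanner; a SYN-ACK or RST aimed at unused space is backscatter from a victim answering spoofed-source flood packets), aggregates packets into per-source events, labels probes as vertical, horizontal or block scans, and scales observed backscatter to the whole IPv4 space. The telescope prefix, the packet records and the scaling assumption (uniformly random spoofed sources) are all constructed assumptions made for this example.

```python
"""Added example (not from the chapter): classifying and characterizing darknet traffic.

Darknet (network telescope) packets are unsolicited by construction, so the
standard heuristic from backscatter analysis is:
  - SYN toward the darknet            -> probe, the source is the scanner
  - SYN-ACK / RST toward the darknet  -> backscatter, the source is a DDoS victim
All addresses and records below are constructed sample data.
"""
from dataclasses import dataclass, field
import ipaddress

TELESCOPE = ipaddress.ip_network("203.0.113.0/24")  # constructed /24 telescope (TEST-NET-3)
IPV4_SPACE = 2 ** 32


@dataclass
class Packet:
    ts: float      # seconds
    src: str
    dst: str
    sport: int
    dport: int
    flags: str     # TCP flags in tcpdump style: "S", "SA", "R", "RA", "A", ...


def classify(pkt):
    """Return 'probe', 'backscatter' or 'other' for a single packet."""
    if ipaddress.ip_address(pkt.dst) not in TELESCOPE:
        return "other"                      # not addressed to the telescope at all
    if pkt.flags == "S":
        return "probe"
    if pkt.flags in ("SA", "R", "RA"):
        return "backscatter"
    return "other"                          # stray ACKs etc. are left unlabelled


@dataclass
class Event:
    kind: str
    actor: str                 # scanner for probes, victim for backscatter
    packets: int = 0
    targets: set = field(default_factory=set)   # distinct darknet addresses hit
    ports: set = field(default_factory=set)     # probed ports / attacked service ports
    first: float = 0.0
    last: float = 0.0


def aggregate(packets):
    """Group darknet packets into per-source events keyed by (kind, source address)."""
    events = {}
    for p in sorted(packets, key=lambda x: x.ts):
        kind = classify(p)
        if kind == "other":
            continue
        ev = events.get((kind, p.src))
        if ev is None:
            ev = events[(kind, p.src)] = Event(kind, p.src, first=p.ts)
        ev.packets += 1
        ev.targets.add(p.dst)
        # For a probe the interesting port is the one being scanned (dport); for
        # backscatter it is the victim's attacked service, which appears as sport.
        ev.ports.add(p.dport if kind == "probe" else p.sport)
        ev.last = p.ts
    return list(events.values())


def estimate_attack_rate(ev):
    """Scale observed backscatter to all of IPv4 (assumes uniformly random spoofed sources)."""
    duration = max(ev.last - ev.first, 1.0)          # avoid division by zero for single hits
    scale = IPV4_SPACE / TELESCOPE.num_addresses
    return ev.packets * scale / duration


def characterize(ev):
    """Summarize one event as a plain dict."""
    if ev.kind == "probe":
        if len(ev.targets) == 1 and len(ev.ports) > 1:
            pattern = "vertical"        # one host, many ports
        elif len(ev.targets) > 1 and len(ev.ports) == 1:
            pattern = "horizontal"      # one port, many hosts
        else:
            pattern = "block"           # many hosts and many ports (or a single hit)
        return {"kind": "probe", "scanner": ev.actor, "pattern": pattern,
                "hosts": len(ev.targets), "ports": sorted(ev.ports)}
    return {"kind": "ddos_backscatter", "victim": ev.actor, "darknet_hits": ev.packets,
            "service_ports": sorted(ev.ports), "est_pps": estimate_attack_rate(ev)}


def analyze(packets):
    """Full pipeline; results sorted by kind and actor so output is deterministic."""
    return sorted((characterize(ev) for ev in aggregate(packets)),
                  key=lambda d: (d["kind"], d.get("scanner", d.get("victim"))))


def sample_packets():
    """Constructed capture: one horizontal port-22 scan, one SYN-flood victim's backscatter, two distractors."""
    pkts = [Packet(0.5 + i, "198.51.100.7", f"203.0.113.{i + 1}", 40000 + i, 22, "S") for i in range(5)]
    pkts += [Packet(t, "192.0.2.10", "203.0.113.200", 80, 51000 + int(t * 10), "SA") for t in (1.0, 1.5, 2.5, 3.0)]
    pkts.append(Packet(2.0, "192.0.2.10", "203.0.113.201", 80, 5555, "SA"))
    pkts.append(Packet(4.0, "10.0.0.1", "203.0.113.9", 1234, 53, "A"))    # stray ACK -> 'other'
    pkts.append(Packet(4.5, "10.0.0.2", "8.8.8.8", 1234, 53, "S"))        # outside the telescope -> 'other'
    return pkts


if __name__ == "__main__":
    for summary in analyze(sample_packets()):
        print(summary)
```

On the constructed input the scan is reported as a horizontal probe of five hosts on port 22, and the five backscatter packets from the victim over two seconds extrapolate to roughly 4.2e7 packets per second against it; that extrapolation is only as good as the random-spoofing assumption, which is why the chapter's concern with characterizing events (rather than merely counting them) matters.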


Metadata
Title
On Inferring and Characterizing Large-Scale Probing and DDoS Campaigns
Authors
Elias Bou-Harb
Claude Fachkha
Copyright year
2018
DOI
https://doi.org/10.1007/978-3-319-58424-9_26