Visualization of actionable knowledge to mitigate DRDoS attacks

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Citations (Scopus)

Abstract

Distributed Reflective Denial of Service attacks (DRDoS) represent an ever growing security threat. These attacks are characterized by spoofed UDP traffic that is sent to genuine machines, called amplifiers, whose response to the spoofed IP, i.e. the victim machine, is amplified and could be 500 times larger in size than the originating request. In this paper, we provide a method and a tool for Internet Service Providers (ISPs) to assess and visualize the amount of traffic that enters and leaves their network in case it contains innocent amplifiers. We show that amplified traffic usually goes undetected and can consume a significant bandwidth, even when a small number of amplifiers is present. The tool also enables ISPs to simulate various rule-based mitigation strategies and estimate their impact, based on real-world data obtained from amplification honeypots.

Original language: English
Title of host publication: 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781509016051
DOIs: https://doi.org/10.1109/VIZSEC.2016.7739577
Publication status: Published - 8 Nov 2016
Event: 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016 - Baltimore, United States
Duration: 24 Oct 2016 → …

Other

Other: 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016
Country: United States
City: Baltimore
Period: 24/10/16 → …

Fingerprint

Internet service providers
Denial of Service
Visualization
Attack
Traffic
Honeypot
Amplification
Bandwidth
Estimate
Knowledge
Denial-of-service attack

Keywords

  • C.2.0 [Computer Systems Organization]: Computer Communication Networks-Security and Protection
  • K.6.m [Computing Milieux]: Miscellaneous-Security

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Media Technology
  • Modelling and Simulation

Cite this

Aupetit, M., Zhauniarovich, Y., Vasiliadis, G., Dacier, M., & Boshmaf, Y. (2016). Visualization of actionable knowledge to mitigate DRDoS attacks. In 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016 [7739577] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/VIZSEC.2016.7739577

@inproceedings{09da72767ba24f8eb33480e21b47e64a,
title = "Visualization of actionable knowledge to mitigate DRDoS attacks",
abstract = "Distributed Reflective Denial of Service attacks (DRDoS) represent an ever growing security threat. These attacks are characterized by spoofed UDP traffic that is sent to genuine machines, called amplifiers, whose response to the spoofed IP, i.e. the victim machine, is amplified and could be 500 times larger in size than the originating request. In this paper, we provide a method and a tool for Internet Service Providers (ISPs) to assess and visualize the amount of traffic that enters and leaves their network in case it contains innocent amplifiers. We show that amplified traffic usually goes undetected and can consume a significant bandwidth, even when a small number of amplifiers is present. The tool also enables ISPs to simulate various rule-based mitigation strategies and estimate their impact, based on real-world data obtained from amplification honeypots.",
keywords = "C.2.0 [Computer Systems Organization]: Computer Communication Networks-Security and Protection, K.6.m [Computing Milieux]: Miscellaneous-Security",
author = "Michael Aupetit and Yury Zhauniarovich and Giorgos Vasiliadis and Marc Dacier and Yazan Boshmaf",
year = "2016",
month = "11",
day = "8",
doi = "10.1109/VIZSEC.2016.7739577",
language = "English",
booktitle = "2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN
T1 - Visualization of actionable knowledge to mitigate DRDoS attacks
AU - Aupetit, Michael
AU - Zhauniarovich, Yury
AU - Vasiliadis, Giorgos
AU - Dacier, Marc
AU - Boshmaf, Yazan
PY - 2016/11/8
Y1 - 2016/11/8
AB - Distributed Reflective Denial of Service attacks (DRDoS) represent an ever growing security threat. These attacks are characterized by spoofed UDP traffic that is sent to genuine machines, called amplifiers, whose response to the spoofed IP, i.e. the victim machine, is amplified and could be 500 times larger in size than the originating request. In this paper, we provide a method and a tool for Internet Service Providers (ISPs) to assess and visualize the amount of traffic that enters and leaves their network in case it contains innocent amplifiers. We show that amplified traffic usually goes undetected and can consume a significant bandwidth, even when a small number of amplifiers is present. The tool also enables ISPs to simulate various rule-based mitigation strategies and estimate their impact, based on real-world data obtained from amplification honeypots.
KW - C.2.0 [Computer Systems Organization]: Computer Communication Networks-Security and Protection
KW - K.6.m [Computing Milieux]: Miscellaneous-Security
UR - http://www.scopus.com/inward/record.url?scp=85006855046&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85006855046&partnerID=8YFLogxK
U2 - 10.1109/VIZSEC.2016.7739577
DO - 10.1109/VIZSEC.2016.7739577
M3 - Conference contribution
AN - SCOPUS:85006855046
BT - 2016 IEEE Symposium on Visualization for Cyber Security, VizSec 2016
PB - Institute of Electrical and Electronics Engineers Inc.
ER -