
Analyzing Traffic Features of Common Standalone DoS Attack Tools

  • Conference paper
Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9354)

Abstract

Research on denial of service (DoS) attack detection is complicated by the scarcity of reliable, widely available and representative contemporary input data. The efficiency of newly proposed DoS detection methods is continually verified with obsolete attack samples and tools. To address this issue, we provide a comparative analysis of the traffic features of DoS attacks generated by state-of-the-art standalone DoS attack tools. We provide a classification of different attack traffic features, including the evasion techniques utilized and the anomalies encountered. We also propose a new research direction for the detection of DoS attacks at the source end, based on the recognition of repeated attack patterns.



Author information

Correspondence to Vit Bukac.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Bukac, V., Matyas, V. (2015). Analyzing Traffic Features of Common Standalone DoS Attack Tools. In: Chakraborty, R., Schwabe, P., Solworth, J. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2015. Lecture Notes in Computer Science, vol 9354. Springer, Cham. https://doi.org/10.1007/978-3-319-24126-5_2

  • DOI: https://doi.org/10.1007/978-3-319-24126-5_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-24125-8

  • Online ISBN: 978-3-319-24126-5

  • eBook Packages: Computer Science (R0)
