Abstract
Research on denial of service (DoS) attack detection is complicated by the scarcity of reliable, widely available and representative contemporary input data. The efficiency of newly proposed DoS detection methods is continually verified with obsolete attack samples and tools. To address this issue, we provide a comparative analysis of the traffic features of DoS attacks generated by state-of-the-art standalone DoS attack tools. We provide a classification of different attack traffic features, including the evasion techniques utilized and the anomalies encountered. We also propose a new research direction for the detection of DoS attacks at the source end, based on the recognition of repeated attack patterns.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Bukac, V., Matyas, V. (2015). Analyzing Traffic Features of Common Standalone DoS Attack Tools. In: Chakraborty, R., Schwabe, P., Solworth, J. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2015. Lecture Notes in Computer Science, vol 9354. Springer, Cham. https://doi.org/10.1007/978-3-319-24126-5_2
DOI: https://doi.org/10.1007/978-3-319-24126-5_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-24125-8
Online ISBN: 978-3-319-24126-5
eBook Packages: Computer Science, Computer Science (R0)