Identifying attack gangs and determining their behaviors is not only an advanced stage of network security event tracing and analysis, but also a core step in large-scale combat and punishment of cyber attacks. Most work in the field of distributed denial of service (DDoS) attack analysis has focused on DDoS attack detection, and part of the work involves research on DDoS attack sourcing. We find that very little work has been done on mining and analyzing DDoS attack gangs. DDoS attack gangs naturally have the attributes of human community relations. We propose a framework named HiAtGang, in which we define the concept of gang detection in DDoS attacks and introduce community analysis techniques into DDoS attack gang analysis. Different attacker clustering algorithms are compared and analyzed. Based on analysis of massive DDoS attack events recorded by CNCERT/CC (the National Computer Network Emergency Response Technical Team/Coordination Center of China), effective gang mining and attribute calibration have been achieved. More than 250 DDoS attack gangs have been successfully tracked. Our research fills the gap in the field of DDoS attack gang detection, has supported CNCERT/CC in publishing the "Analysis Report on DDoS Attack Resources" for three consecutive years, and has achieved a good practical effect in combating DDoS attack crimes.
In recent years, a large number of users have continuously suffered from DDoS attacks. DDoS attack volume is on the rise and the scale of botnets is also growing. Many security organizations have begun to use data-driven approaches to investigate the gangs and groups behind DDoS attack behaviors, trying to unveil the facts and intentions of DDoS gangs. In this paper, DDoSAGD, a DDoS Attack Group Discovery framework, is proposed to support gang recognition and situation awareness. A heterogeneous graph is constructed from botnet control messages and related threat intelligence data, and a meta path-based similarity measure is set up to calculate the relevance between C2 servers. Two graph mining measures are then combined to build a hierarchical attack group discovery workflow, which outputs attack groups with both behavior-based similarity and evidence-based relevance. Finally, the experimental results demonstrate that the designed models are promising for recognizing attack groups, and the evolution of different attack groups is also illustrated.
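As an added illustration of the DDoSAGD workflow described above (example code, not the paper's own implementation), the following builds a small heterogeneous graph of C2 servers, attack targets, malware families and hosting ASNs, scores C2 pairs with a meta path-based similarity (PathSim over the C2-Target-C2 meta path is assumed here, since the abstract does not name the measure), and then runs a two-stage grouping that combines behavior-based similarity with evidence-based relevance from threat intelligence. All server, victim, family and ASN names are constructed for the example.

```python
from collections import defaultdict
from itertools import combinations
# Constructed sample input (hypothetical names, not data from the paper): C2 -> target
# edges from botnet control messages, C2 -> family / ASN from threat intelligence.
CONTROL_MESSAGES = [  # (c2_server, attack_target)
    ("c2-a", "victim-1"), ("c2-a", "victim-2"), ("c2-a", "victim-3"),
    ("c2-b", "victim-1"), ("c2-b", "victim-2"), ("c2-b", "victim-4"),
    ("c2-c", "victim-3"), ("c2-c", "victim-5"),
    ("c2-d", "victim-6"), ("c2-d", "victim-7"),
]
THREAT_INTEL = {
    "c2-a": {"family": "fam-X", "asn": "AS100"},
    "c2-b": {"family": "fam-X", "asn": "AS200"},
    "c2-c": {"family": "fam-Y", "asn": "AS100"},
    "c2-d": {"family": "fam-Z", "asn": "AS300"},
}
def pathsim(adj, a, b):
    """PathSim on the symmetric meta path C2-Target-C2: paths a->t->b, normalised
    by the paths each server has back to itself (Sun et al., PathSim, 2011)."""
    total = len(adj[a]) + len(adj[b])
    return 2 * len(adj[a] & adj[b]) / total if total else 0.0

def behaviour_similarity(control_messages):
    """Pairwise behaviour-based similarity of C2 servers via shared attack targets."""
    adj = defaultdict(set)
    for c2, target in control_messages:
        adj[c2].add(target)
    return {(a, b): pathsim(adj, a, b) for a, b in combinations(sorted(adj), 2)}

def evidence_relevance(intel, a, b):
    """Evidence-based relevance: fraction of intel attributes the two C2s share."""
    return sum(intel[a].get(k) == intel[b].get(k) for k in ("family", "asn")) / 2

def discover_groups(control_messages, intel, sim_min=0.5, rel_min=0.5):
    """Hierarchical grouping (union-find): stage 1 merges servers with similar attack
    behaviour; stage 2 merges pairs with any shared behaviour plus intel evidence."""
    parent = {c2: c2 for c2 in intel}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    sims = behaviour_similarity(control_messages)
    for stage in (1, 2):
        for (a, b), s in sims.items():
            if (stage == 1 and s >= sim_min) or \
               (stage == 2 and s > 0 and evidence_relevance(intel, a, b) >= rel_min):
                parent[find(a)] = find(b)
    roots = {c2: find(c2) for c2 in intel}
    return sorted(sorted(c for c in intel if roots[c] == r) for r in set(roots.values()))
```

With the sample data, c2-a and c2-b are merged by shared targets, c2-c joins them in the second stage through a shared hosting ASN plus one shared target, and c2-d stays on its own.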