2018
DOI: 10.1007/978-3-030-03405-4_12

Detecting Target-Area Link-Flooding DDoS Attacks Using Traffic Analysis and Supervised Learning

Abstract: A novel class of extreme link-flooding DDoS (Distributed Denial of Service) attacks is designed to cut off entire geographical areas such as cities and even countries from the Internet by simultaneously targeting a selected set of network links. The Crossfire attack is a target-area link-flooding attack, which is orchestrated in three complex phases. The attack uses a massively distributed large-scale botnet to generate low-rate benign traffic aiming to congest selected network links, so-called target links. T…

Cited by 11 publications (7 citation statements)
References 10 publications
“…Though DDoS attacks have different flavors, they all have a similar objective. A variety of attacks in DDoS include SYN floods [67], in which a hacker dispatches a number of SYN appeals to a remarkable target; attacks in internet control message protocol (ICMP) [68] (in which several ICMP packets are being transmitted via a spoof-IP); crossfire attacks [69] in which an attacker is attacking a complex, massive botnet; and User data logs (User Datagram Protocol). Botnet attacks [70] are a form of DDoS attack occurring in IoT networks.…”
Section: Denial Of Service (mentioning)
confidence: 99%
“…In the example map on Figure 4, the row labels (to the left of the grid) indicate the type of protocol used in the attack, whereas the column headers at the top represent the attack strategy employed by the attacker. "Direct" in the column header refers to attacks that directly target a victim, whereas "indirect" attacks target the resources upon which a victim depends, such as link-flooding attacks [26], [27]. Reflection attacks are those where the attacking agents recruit unwitting accomplices to attack the target, whereas in unreflected attacks, the attacking agents attack the target without mobilizing assistance from unwitting accomplices.…”
Section: Defence Map (mentioning)
confidence: 99%
“…Although there are different types of DDoS attacks, they all have the same objective. Few variants of DDoS attacks are SYN flooding [67] (in which an attacker sends successions of SYN requests to a target), Internet Control Message Protocol (ICMP) attacks [34] (in which large number of ICMP packets are broadcasted using the victim's spoofed IP), crossfire attacks [107] (using a complex and massively large-scale botnet for attack execution) and User Datagram Protocol (UDP) flooding attacks [71] (sending a large number of UDP packets to random ports on a remote victim). Botnet attack [96] is a type of DDoS attack in an IoT network.…”
Section: Security Threats (mentioning)
confidence: 99%