Forensic Model for DDoS Attack

Yun Luo, Xiao Fu, Bin Luo, Xiaojiang Du, Mohsen Guizani

Research output: Contribution to journal, Conference article, peer-review

Abstract

Recent trends have shown that botnets have been active since the 1990s. Attackers use newer technologies to damage enterprises and individuals through identity theft, bank fraud, spam campaigns, malware distribution, and distributed denial of service (DDoS) attacks. To identify the hidden details of a DDoS attack, we introduce a forensic model in this paper. The model uses NS2 to simulate the connectivity of real nodes in the network and applies electronic evidence analysis methods for botnets and DDoS attacks. The botnet uses IRC channels as the basic unit. The analytical algorithm for the botnet uses election vectors to detect the split and transfer behavior of hackers. The analysis method for DDoS attacks uses attack vectors to detect whether the botnet is participating in a DDoS attack. On this basis, the fragmented packet marking method is added to track the source and reconstruct the router path, thereby improving the scale recognition rate to 93%.

Original language: English
Article number: 9348178
Journal: Proceedings - IEEE Global Communications Conference, GLOBECOM
Volume: 2020-January
State: Published - Dec 2020
Event: 2020 IEEE Global Communications Conference, GLOBECOM 2020 - Virtual, Taipei, Taiwan, Province of China
Duration: 7 Dec 2020 to 11 Dec 2020

Keywords

  • Botnet
  • DDoS
  • NS2
  • forensics
