TY - JOUR
T1 - Forensic Model for DDoS Attack
AU - Luo, Yun
AU - Fu, Xiao
AU - Luo, Bin
AU - Du, Xiaojiang
AU - Guizani, Mohsen
N1 - Publisher Copyright: © 2020 IEEE.
PY - 2020/12
Y1 - 2020/12
AB - Recent trends have shown that botnets have been active since the 1990s. Attackers use newer technologies to damage enterprises and individuals through identity theft, bank fraud, spam campaigns, malware distribution, and distributed denial of service (DDoS) attacks. To identify the hidden details from a DDoS attack, we introduce a forensic model in this paper. This model uses NS2 to simulate the connectivity of real nodes in the network and uses Botnet and DDoS attack electronic evidence analysis methods. The botnet uses IRC channels as the basic unit. The analytical algorithm for Botnet uses election vectors to detect the split and transfer behavior of hackers. The analysis method for DDoS attacks uses attack vectors to detect whether Botnet is participating in a DDoS attack. On this basis, the fragmented packet marking method is added to track the source and path reconstruction of the router, thereby improving the scale recognition rate to 93%.
KW - Botnet
KW - DDoS
KW - NS2
KW - forensics
UR - http://www.scopus.com/inward/record.url?scp=85101291420&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85101291420&partnerID=8YFLogxK
U2 - 10.1109/GLOBECOM42002.2020.9348178
DO - 10.1109/GLOBECOM42002.2020.9348178
M3 - Conference article
AN - SCOPUS:85101291420
SN - 2334-0983
VL - 2020-January
JO - Proceedings - IEEE Global Communications Conference, GLOBECOM
JF - Proceedings - IEEE Global Communications Conference, GLOBECOM
M1 - 9348178
T2 - 2020 IEEE Global Communications Conference, GLOBECOM 2020
Y2 - 7 December 2020 through 11 December 2020
ER -