Forensic Model for DDoS Attack

Yun Luo; Xiao Fu; Bin Luo; Xiaojiang Du; Mohsen Guizani

doi:10.1109/GLOBECOM42002.2020.9348178

Forensic Model for DDoS Attack

Yun Luo
, Xiao Fu
, Bin Luo
, Xiaojiang Du
, Mohsen Guizani

Department of Electrical and Computer Engineering

Nanjing University

Research output: Contribution to journal › Conference article › peer-review

Abstract

Recent trends have shown that botnets have been active since the 1990s. Attackers use newer technologies to damage enterprises and individuals through identity theft, bank fraud, spam campaigns, malware distribution, and distributed denial of service (DDoS) attacks. To identify the hidden details from a DDoS attack, we introduce a forensic model in this paper. This model uses NS2 to simulate the connectivity of real nodes in the network and uses Botnet and DDoS attack electronic evidence analysis methods. The botnet uses IRC channels as the basic unit. The analytical algorithm for Botnet uses election vectors to detect the split and transfer behavior of hackers. The analysis method for DDoS attacks uses attack vectors to detect whether Botnet is participating in a DDoS attack. On this basis, the fragmented packet marking method is added to track the source and path reconstruction of the router, thereby improving the scale recognition rate to 93%.

Original language	English
Article number	9348178
Journal	Proceedings - IEEE Global Communications Conference, GLOBECOM
Volume	2020-January
DOIs	https://doi.org/10.1109/GLOBECOM42002.2020.9348178
State	Published - Dec 2020
Event	2020 IEEE Global Communications Conference, GLOBECOM 2020 - Virtual, Taipei, Taiwan, Province of China Duration: 7 Dec 2020 → 11 Dec 2020

Keywords

Botnet
DDoS
NS2
forensics

Access to Document

10.1109/GLOBECOM42002.2020.9348178

Cite this

@article{817099ca12ab49d188eebaca064bf4d7,

title = "Forensic Model for DDoS Attack",

abstract = "Recent trends have shown that botnets have been active since the 1990s. Attackers use newer technologies to damage enterprises and individuals through identity theft, bank fraud, spam campaigns, malware distribution, and distributed denial of service (DDoS) attacks. To identify the hidden details from a DDoS attack, we introduce a forensic model in this paper. This model uses NS2 to simulate the connectivity of real nodes in the network and uses Botnet and DDoS attack electronic evidence analysis methods. The botnet uses IRC channels as the basic unit. The analytical algorithm for Botnet uses election vectors to detect the split and transfer behavior of hackers. The analysis method for DDoS attacks uses attack vectors to detect whether Botnet is participating in a DDoS attack. On this basis, the fragmented packet marking method is added to track the source and path reconstruction of the router, thereby improving the scale recognition rate to 93\%.",

keywords = "Botnet, DDoS, NS2, forensics",

author = "Yun Luo and Xiao Fu and Bin Luo and Xiaojiang Du and Mohsen Guizani",

note = "Publisher Copyright: {\textcopyright} 2020 IEEE.; 2020 IEEE Global Communications Conference, GLOBECOM 2020 ; Conference date: 07-12-2020 Through 11-12-2020",

year = "2020",

month = dec,

doi = "10.1109/GLOBECOM42002.2020.9348178",

language = "English",

volume = "2020-January",

}

TY - JOUR

T1 - Forensic Model for DDoS Attack

AU - Luo, Yun

AU - Fu, Xiao

AU - Luo, Bin

AU - Du, Xiaojiang

AU - Guizani, Mohsen

PY - 2020/12

Y1 - 2020/12

N2 - Recent trends have shown that botnets have been active since the 1990s. Attackers use newer technologies to damage enterprises and individuals through identity theft, bank fraud, spam campaigns, malware distribution, and distributed denial of service (DDoS) attacks. To identify the hidden details from a DDoS attack, we introduce a forensic model in this paper. This model uses NS2 to simulate the connectivity of real nodes in the network and uses Botnet and DDoS attack electronic evidence analysis methods. The botnet uses IRC channels as the basic unit. The analytical algorithm for Botnet uses election vectors to detect the split and transfer behavior of hackers. The analysis method for DDoS attacks uses attack vectors to detect whether Botnet is participating in a DDoS attack. On this basis, the fragmented packet marking method is added to track the source and path reconstruction of the router, thereby improving the scale recognition rate to 93%.

AB - Recent trends have shown that botnets have been active since the 1990s. Attackers use newer technologies to damage enterprises and individuals through identity theft, bank fraud, spam campaigns, malware distribution, and distributed denial of service (DDoS) attacks. To identify the hidden details from a DDoS attack, we introduce a forensic model in this paper. This model uses NS2 to simulate the connectivity of real nodes in the network and uses Botnet and DDoS attack electronic evidence analysis methods. The botnet uses IRC channels as the basic unit. The analytical algorithm for Botnet uses election vectors to detect the split and transfer behavior of hackers. The analysis method for DDoS attacks uses attack vectors to detect whether Botnet is participating in a DDoS attack. On this basis, the fragmented packet marking method is added to track the source and path reconstruction of the router, thereby improving the scale recognition rate to 93%.

KW - Botnet

KW - DDoS

KW - NS2

KW - forensics

UR - https://www.scopus.com/pages/publications/85101291420

UR - https://www.scopus.com/pages/publications/85101291420#tab=citedBy

U2 - 10.1109/GLOBECOM42002.2020.9348178

DO - 10.1109/GLOBECOM42002.2020.9348178

M3 - Conference article

AN - SCOPUS:85101291420

SN - 2334-0983

VL - 2020-January

JO - Proceedings - IEEE Global Communications Conference, GLOBECOM

JF - Proceedings - IEEE Global Communications Conference, GLOBECOM

M1 - 9348178

T2 - 2020 IEEE Global Communications Conference, GLOBECOM 2020

Y2 - 7 December 2020 through 11 December 2020

ER -

Forensic Model for DDoS Attack

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this