Skip to main content

Application-Layer Ddos Attacks With Multiple Emulation Dictionaries

Michele Cirillo, Mario Di Mauro, Vincenzo Matta, Marco Tambasco

  • SPS
    Members: Free
    IEEE Members: $11.00
    Non-members: $15.00
    Length: 00:14:24
10 Jun 2021

We consider the problem of identifying the members of a botnet under an application-layer (L7) DDoS attack, where a target site is flooded with a large number of requests that emulate legitimate users' patterns. This challenging problem has been recently addressed with reference to two simplified scenarios, where either all bots pick requests from the same emulation dictionary (total overlap), or they are divided in separate clusters corresponding to distinct emulation dictionaries (no overlap at all). However, over real networks these two extreme conditions are difficult to realize, and the intermediate situation is observed where the emulation patterns of distinct bots belong to partially overlapped dictionaries. This intermediate situation introduces significant sophistication in the bot identification problem. In order to address this issue, we provide an analytical characterization of the pairwise cluster interaction, which is exploited to devise an identification rule to discriminate legitimate users from bots and to identify the individual bot clusters.

Chairs:
Victor Sanchez

Value-Added Bundle(s) Including this Product

More Like This

  • SPS
    Members: Free
    IEEE Members: $25.00
    Non-members: $40.00
  • SPS
    Members: Free
    IEEE Members: $25.00
    Non-members: $40.00
  • SPS
    Members: Free
    IEEE Members: $25.00
    Non-members: $40.00