University of Twente Student Theses


DDoS Attack fingerprint extraction tool : making a flow-based approach as precise as a packet-based

Conrads, J.G. (2019) DDoS Attack fingerprint extraction tool : making a flow-based approach as precise as a packet-based.

Abstract: Twenty years after one of the first Distributed Denial of Service (DDoS) attacks happened, this type of attack is still increasing in power and frequency. There are mainly two ways of recording an attack: packet-based and flow-based network measurements. While flow-based measurement contains summarized information about packets and is more suitable for high-speed networks, packet-based measurement contains more complete information for further mitigation purposes, especially for attacks that are based on payload (e.g., application layer DDoS). Although against DDoS attacks more information usually leads to more precision in mitigating the attack, the main contribution of this paper is to make the use of flow-based measurements as precise as packet-based ones for the task of extracting key characteristics of DDoS attacks. More than 250 attack traces were used for validating the methodology. The results show that, in the worst case, 88% of the source IP addresses in a fingerprint extracted from a flow-based measurement are the same as in a packet-based one. The remaining 12% are false negatives, which means that no potentially legitimate traffic will be blocked if such a fingerprint were used for blocking traffic.
Item Type: Essay (Master)
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Internet Science and Technology MSc (60032)
Link to this item: https://purl.utwente.nl/essays/79567