Fundamental scaling laws of covert DDoS attacks

Fundamental scaling laws of covert DDoS attacks

Botnets such as Mirai use insecure home devices to conduct distributed denial of service attacks on the Internet infrastructure. Although some of those attacks involve large amounts of traffic, they are generated from a large number of homes, which hampers their early detection. In this paper, our g...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Performance evaluation 2021-11, Vol.151, p.102236, Article 102236
Hauptverfasser: Ramtin, Amir Reza, Nain, Philippe, Menasche, Daniel Sadoc, Towsley, Don, de Souza e Silva, Edmundo
Format: Artikel
Sprache:eng
Schlagworte:
Computer Science
Covertness
DDoS attack
Gaussian mixture
Home networks
Hypothesis testing
Networking and Internet Architecture
Scaling laws
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page 102236
container_title Performance evaluation
container_volume 151
creator Ramtin, Amir Reza
Nain, Philippe
Menasche, Daniel Sadoc
Towsley, Don
de Souza e Silva, Edmundo
description Botnets such as Mirai use insecure home devices to conduct distributed denial of service attacks on the Internet infrastructure. Although some of those attacks involve large amounts of traffic, they are generated from a large number of homes, which hampers their early detection. In this paper, our goal is to answer the following question: what is the maximum amount of damage that a DDoS attacker can produce at the network edge without being detected? To that aim, we consider a statistical hypothesis testing approach for attack detection at the network edge. The proposed system assesses the goodness of fit of traffic models based on the ratio of their likelihoods. Under such a model, we show that the amount of traffic that can be generated by a covert attacker scales according to the square root of the number of compromised homes. We evaluate and validate the theoretical results using real data collected from thousands of home-routers connected to a mid-sized ISP.
doi_str_mv 10.1016/j.peva.2021.102236
format Article
fullrecord <record><control><sourceid>hal_cross</sourceid><recordid>TN_cdi_hal_primary_oai_HAL_hal_03372124v1</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S0166531621000535</els_id><sourcerecordid>oai_HAL_hal_03372124v1</sourcerecordid><originalsourceid>FETCH-LOGICAL-c378t-3a055418b5ba93373c790be533c74e28f3abfb89bd8760e18a1355ec94f31913</originalsourceid><addsrcrecordid>eNp9kE1Lw0AQhhdRsFb_gKdcPaTdj2x2A15Ka60Q8GAP3pbJZqJb06Tsxoj_3oSIR08zDO_zwjyE3DK6YJSly8PihD0sOOVsOHAu0jMyY1rxWCXy9ZzMhlAaS8HSS3IVwoFSKpWgM7LcfjYlHLHpoI6Chdo1b1ENXyFqq8i2Pfou2mzalwi6DuxHuCYXFdQBb37nnOy3D_v1Ls6fH5_Wqzy2QukuFkClTJguZAGZEEpYldECpRiWBLmuBBRVobOi1CqlyDQwISXaLKkEy5iYk7up9h1qc_LuCP7btODMbpWb8UaHUs540o9ZPmWtb0PwWP0BjJrRjjmY0Y4Z7ZjJzgDdTxAOT_QOvQnWYWOxdB5tZ8rW_Yf_ABe_a1k</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Fundamental scaling laws of covert DDoS attacks</title><source>Elsevier ScienceDirect Journals Complete - AutoHoldings</source><creator>Ramtin, Amir Reza ; Nain, Philippe ; Menasche, Daniel Sadoc ; Towsley, Don ; de Souza e Silva, Edmundo</creator><creatorcontrib>Ramtin, Amir Reza ; Nain, Philippe ; Menasche, Daniel Sadoc ; Towsley, Don ; de Souza e Silva, Edmundo</creatorcontrib><description>Botnets such as Mirai use insecure home devices to conduct distributed denial of service attacks on the Internet infrastructure. Although some of those attacks involve large amounts of traffic, they are generated from a large number of homes, which hampers their early detection. In this paper, our goal is to answer the following question: what is the maximum amount of damage that a DDoS attacker can produce at the network edge without being detected? To that aim, we consider a statistical hypothesis testing approach for attack detection at the network edge. The proposed system assesses the goodness of fit of traffic models based on the ratio of their likelihoods. Under such a model, we show that the amount of traffic that can be generated by a covert attacker scales according to the square root of the number of compromised homes. We evaluate and validate the theoretical results using real data collected from thousands of home-routers connected to a mid-sized ISP.</description><identifier>ISSN: 0166-5316</identifier><identifier>EISSN: 1872-745X</identifier><identifier>DOI: 10.1016/j.peva.2021.102236</identifier><language>eng</language><publisher>Elsevier B.V</publisher><subject>Computer Science ; Covertness ; DDoS attack ; Gaussian mixture ; Home networks ; Hypothesis testing ; Networking and Internet Architecture ; Scaling laws</subject><ispartof>Performance evaluation, 2021-11, Vol.151, p.102236, Article 102236</ispartof><rights>2021 Elsevier B.V.</rights><rights>Attribution</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c378t-3a055418b5ba93373c790be533c74e28f3abfb89bd8760e18a1355ec94f31913</citedby><cites>FETCH-LOGICAL-c378t-3a055418b5ba93373c790be533c74e28f3abfb89bd8760e18a1355ec94f31913</cites><orcidid>0000-0002-1192-0289 ; 0000-0003-0912-7860 ; 0000-0002-3186-0842 ; 0000-0002-8953-4003</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://dx.doi.org/10.1016/j.peva.2021.102236$$EHTML$$P50$$Gelsevier$$H</linktohtml><link.rule.ids>230,314,780,784,885,3548,27922,27923,45993</link.rule.ids><backlink>$$Uhttps://inria.hal.science/hal-03372124$$DView record in HAL$$Hfree_for_read</backlink></links><search><creatorcontrib>Ramtin, Amir Reza</creatorcontrib><creatorcontrib>Nain, Philippe</creatorcontrib><creatorcontrib>Menasche, Daniel Sadoc</creatorcontrib><creatorcontrib>Towsley, Don</creatorcontrib><creatorcontrib>de Souza e Silva, Edmundo</creatorcontrib><title>Fundamental scaling laws of covert DDoS attacks</title><title>Performance evaluation</title><description>Botnets such as Mirai use insecure home devices to conduct distributed denial of service attacks on the Internet infrastructure. Although some of those attacks involve large amounts of traffic, they are generated from a large number of homes, which hampers their early detection. In this paper, our goal is to answer the following question: what is the maximum amount of damage that a DDoS attacker can produce at the network edge without being detected? To that aim, we consider a statistical hypothesis testing approach for attack detection at the network edge. The proposed system assesses the goodness of fit of traffic models based on the ratio of their likelihoods. Under such a model, we show that the amount of traffic that can be generated by a covert attacker scales according to the square root of the number of compromised homes. We evaluate and validate the theoretical results using real data collected from thousands of home-routers connected to a mid-sized ISP.</description><subject>Computer Science</subject><subject>Covertness</subject><subject>DDoS attack</subject><subject>Gaussian mixture</subject><subject>Home networks</subject><subject>Hypothesis testing</subject><subject>Networking and Internet Architecture</subject><subject>Scaling laws</subject><issn>0166-5316</issn><issn>1872-745X</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2021</creationdate><recordtype>article</recordtype><recordid>eNp9kE1Lw0AQhhdRsFb_gKdcPaTdj2x2A15Ka60Q8GAP3pbJZqJb06Tsxoj_3oSIR08zDO_zwjyE3DK6YJSly8PihD0sOOVsOHAu0jMyY1rxWCXy9ZzMhlAaS8HSS3IVwoFSKpWgM7LcfjYlHLHpoI6Chdo1b1ENXyFqq8i2Pfou2mzalwi6DuxHuCYXFdQBb37nnOy3D_v1Ls6fH5_Wqzy2QukuFkClTJguZAGZEEpYldECpRiWBLmuBBRVobOi1CqlyDQwISXaLKkEy5iYk7up9h1qc_LuCP7btODMbpWb8UaHUs540o9ZPmWtb0PwWP0BjJrRjjmY0Y4Z7ZjJzgDdTxAOT_QOvQnWYWOxdB5tZ8rW_Yf_ABe_a1k</recordid><startdate>202111</startdate><enddate>202111</enddate><creator>Ramtin, Amir Reza</creator><creator>Nain, Philippe</creator><creator>Menasche, Daniel Sadoc</creator><creator>Towsley, Don</creator><creator>de Souza e Silva, Edmundo</creator><general>Elsevier B.V</general><general>Elsevier</general><scope>AAYXX</scope><scope>CITATION</scope><scope>1XC</scope><scope>VOOES</scope><orcidid>https://orcid.org/0000-0002-1192-0289</orcidid><orcidid>https://orcid.org/0000-0003-0912-7860</orcidid><orcidid>https://orcid.org/0000-0002-3186-0842</orcidid><orcidid>https://orcid.org/0000-0002-8953-4003</orcidid></search><sort><creationdate>202111</creationdate><title>Fundamental scaling laws of covert DDoS attacks</title><author>Ramtin, Amir Reza ; Nain, Philippe ; Menasche, Daniel Sadoc ; Towsley, Don ; de Souza e Silva, Edmundo</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c378t-3a055418b5ba93373c790be533c74e28f3abfb89bd8760e18a1355ec94f31913</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2021</creationdate><topic>Computer Science</topic><topic>Covertness</topic><topic>DDoS attack</topic><topic>Gaussian mixture</topic><topic>Home networks</topic><topic>Hypothesis testing</topic><topic>Networking and Internet Architecture</topic><topic>Scaling laws</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Ramtin, Amir Reza</creatorcontrib><creatorcontrib>Nain, Philippe</creatorcontrib><creatorcontrib>Menasche, Daniel Sadoc</creatorcontrib><creatorcontrib>Towsley, Don</creatorcontrib><creatorcontrib>de Souza e Silva, Edmundo</creatorcontrib><collection>CrossRef</collection><collection>Hyper Article en Ligne (HAL)</collection><collection>Hyper Article en Ligne (HAL) (Open Access)</collection><jtitle>Performance evaluation</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Ramtin, Amir Reza</au><au>Nain, Philippe</au><au>Menasche, Daniel Sadoc</au><au>Towsley, Don</au><au>de Souza e Silva, Edmundo</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Fundamental scaling laws of covert DDoS attacks</atitle><jtitle>Performance evaluation</jtitle><date>2021-11</date><risdate>2021</risdate><volume>151</volume><spage>102236</spage><pages>102236-</pages><artnum>102236</artnum><issn>0166-5316</issn><eissn>1872-745X</eissn><abstract>Botnets such as Mirai use insecure home devices to conduct distributed denial of service attacks on the Internet infrastructure. Although some of those attacks involve large amounts of traffic, they are generated from a large number of homes, which hampers their early detection. In this paper, our goal is to answer the following question: what is the maximum amount of damage that a DDoS attacker can produce at the network edge without being detected? To that aim, we consider a statistical hypothesis testing approach for attack detection at the network edge. The proposed system assesses the goodness of fit of traffic models based on the ratio of their likelihoods. Under such a model, we show that the amount of traffic that can be generated by a covert attacker scales according to the square root of the number of compromised homes. We evaluate and validate the theoretical results using real data collected from thousands of home-routers connected to a mid-sized ISP.</abstract><pub>Elsevier B.V</pub><doi>10.1016/j.peva.2021.102236</doi><orcidid>https://orcid.org/0000-0002-1192-0289</orcidid><orcidid>https://orcid.org/0000-0003-0912-7860</orcidid><orcidid>https://orcid.org/0000-0002-3186-0842</orcidid><orcidid>https://orcid.org/0000-0002-8953-4003</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 0166-5316
ispartof Performance evaluation, 2021-11, Vol.151, p.102236, Article 102236
issn 0166-5316
1872-745X
language eng
recordid cdi_hal_primary_oai_HAL_hal_03372124v1
source Elsevier ScienceDirect Journals Complete - AutoHoldings
subjects Computer Science
Covertness
DDoS attack
Gaussian mixture
Home networks
Hypothesis testing
Networking and Internet Architecture
Scaling laws
title Fundamental scaling laws of covert DDoS attacks
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-09T12%3A54%3A51IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-hal_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Fundamental%20scaling%20laws%20of%20covert%20DDoS%20attacks&rft.jtitle=Performance%20evaluation&rft.au=Ramtin,%20Amir%20Reza&rft.date=2021-11&rft.volume=151&rft.spage=102236&rft.pages=102236-&rft.artnum=102236&rft.issn=0166-5316&rft.eissn=1872-745X&rft_id=info:doi/10.1016/j.peva.2021.102236&rft_dat=%3Chal_cross%3Eoai_HAL_hal_03372124v1%3C/hal_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_els_id=S0166531621000535&rfr_iscdi=true