|
Activity Number:
|
174
|
|
Type:
|
Contributed
|
|
Date/Time:
|
Monday, August 4, 2003 : 2:00 PM to 3:50 PM
|
|
Sponsor:
|
Section on Statistical Computing
|
| Abstract - #300363 |
|
Title:
|
A Backscatter Characterization of Denial-of-Service Attacks
|
|
Author(s):
|
Kendall Giles*+ and David J. Marchette and Carey E. Priebe
|
|
Companies:
|
Association for Computing Machinery and Naval Surface Warfare Center Dahlgren Division and Johns Hopkins University
|
|
Address:
|
7694 Willow Point Dr., Falls Church, VA, 22042-7532,
|
|
Keywords:
|
stochastic models ; network security ; backscatter ; denial-of-service attacks
|
|
Abstract:
|
We present a characterization of denial-of-service attacks using backscatter analysis, a method of inferring network attack activity using packets that are artifacts of a type of denial-of-service attack. First, using empirical data we show examples of network traffic that shows denial-of-service attacks and backscatter packets. From this we generate a framework within which to consider the backscatter problem. Second, we detail how a host can generate backscatter as a result of receiving a certain type of denial-of-service attack packet. This gives us insight into what is happening at the network packet protocol level. Third, we quantify the different ways that a denial-of-service attack can generate backscatter packets by collecting and analyzing empirical network packet data. This leads to the development of a set of criteria to be used in detecting denial-of-service attacks from backscatter packets. Fourth, we propose mathematical models of backscatter packets and evaluate these models against simulated and empirical data. These backscatter models give us insight into a characterization of denial-of-service attacks and how network hosts are affected by these attacks.
|
