Affiliation:
1. University of California San Diego, La Jolla, CA
Abstract
In this article, we seek to address a simple question: “How prevalent are denial-of-service attacks in the Internet?” Our motivation is to quantitatively understand the nature of the current threat as well as to enable longer-term analyses of trends and recurring patterns of attacks. We present a new technique, called “backscatter analysis,” that provides a conservative estimate of
worldwide
denial-of-service activity. We use this approach on 22 traces (each covering a week or more) gathered over three years from 2001 through 2004. Across this corpus we quantitatively assess the number, duration, and focus of attacks, and qualitatively characterize their behavior. In total, we observed over 68,000 attacks directed at over 34,000 distinct victim IP addresses---ranging from well-known e-commerce companies such as Amazon and Hotmail to small foreign ISPs and dial-up connections. We believe our technique is the first to provide quantitative estimates of Internet-wide denial-of-service activity and that this article describes the most comprehensive public measurements of such activity to date.
Publisher
Association for Computing Machinery (ACM)
Reference31 articles.
1. Bellovin S. M. 2000. ICMP Traceback Messages. Internet Draft: draft-bellovin-itrace-00.txt.]] Bellovin S. M. 2000. ICMP Traceback Messages. Internet Draft: draft-bellovin-itrace-00.txt.]]
2. Cisco Systems. 1997. Configuring TCP Intercept (Prevent Denial-of-Service Attacks). Cisco IOS Documentation.]] Cisco Systems. 1997. Configuring TCP Intercept (Prevent Denial-of-Service Attacks). Cisco IOS Documentation.]]
3. Cisco Systems. 1999. Unicast Reverse Path Forwarding. Cisco IOS Documentation.]] Cisco Systems. 1999. Unicast Reverse Path Forwarding. Cisco IOS Documentation.]]
Cited by
310 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献