Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis > publications : papers : 2001 : BackScatter
Inferring Internet Denial-of-Service Activity
D. Moore, G. Voelker, and S. Savage, "Inferring Internet Denial-of-Service Activity", in USENIX Security Symposium, Aug 2001.
|   View full paper:    Abstract    gzipped postscript    PDF    Press Coverage    Slides    |  Citation:    BibTeX   |

Inferring Internet Denial-of-Service Activity

David Moore 1
Geoffrey Voelker 2
Stefan Savage 2

CAIDA, San Diego Supercomputer Center, University of California San Diego


Department of Computer Science and Engineering,
University of California, San Diego

In this paper, we seek to answer a simple question: ‟How prevalent are denial-of-service attacks in the Internet today?“. Our motivation is to understand quantitatively the nature of the current threat as well as to enable longer term analyses of trends and recurring patterns of attacks. We present a new technique, called ‟backscatter analysis“, that provides an estimate of worldwide denial-of service activity. We use this approach on three week-long datasets to assess the number, duration and focus of attacks, and to characterize their behavior. During this period, we observe more than 12,000 attacks against more than 5,000 distinct targets, ranging from well known e-commerce companies such as Amazon and Hotmail to small foreign ISPs and dial-up connections. We believe that our work is the only publically available data quantifying denial-of-service activity in the Internet.

Keywords: network telescope, security
  Last Modified: Thu Jul-13-2017 13:00:53 PDT
  Page URL: