D. Moore, G. Voelker, and S. Savage, "Inferring Internet Denial-of-Service Activity", in USENIX Security Symposium, Aug 2001.

Inferring Internet Denial-of-Service Activity
Published: USENIX Security Symposium, 2001
In this paper, we seek to answer a simple question: "How prevalent are denial-of-service attacks in the Internet today?" Our motivation is to understand quantitatively the nature of the current threat as well as to enable longer-term analyses of trends and recurring patterns of attacks. We present a new technique, called "backscatter analysis", that provides an estimate of worldwide denial-of-service activity. We use this approach on three week-long datasets to assess the number, duration and focus of attacks, and to characterize their behavior. During this period, we observe more than 12,000 attacks against more than 5,000 distinct targets, ranging from well known e-commerce companies such as Amazon and Hotmail to small foreign ISPs and dial-up connections. We believe that our work is the only publicly available data quantifying denial-of-service activity in the Internet.