Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis > publications : papers : 2001 : BackScatter
Inferring Internet Denial-of-Service Activity
D. Moore, G. Voelker, and S. Savage, "Inferring Internet Denial-of-Service Activity", in USENIX Security Symposium, Aug 2001.
|   View full paper:    PDF    Abstract    gzipped postscript    Press Coverage    Slides    |  Citation:    BibTeX    Resource Catalog   |

Inferring Internet Denial-of-Service Activity

David Moore1
Geoffrey Voelker2
Stefan Savage2

CAIDA, San Diego Supercomputer Center, University of California San Diego


Department of Computer Science and Engineering,
University of California, San Diego

In this paper, we seek to answer a simple question: ‟How prevalent are denial-of-service attacks in the Internet today?“. Our motivation is to understand quantitatively the nature of the current threat as well as to enable longer term analyses of trends and recurring patterns of attacks. We present a new technique, called ‟backscatter analysis“, that provides an estimate of worldwide denial-of service activity. We use this approach on three week-long datasets to assess the number, duration and focus of attacks, and to characterize their behavior. During this period, we observe more than 12,000 attacks against more than 5,000 distinct targets, ranging from well known e-commerce companies such as Amazon and Hotmail to small foreign ISPs and dial-up connections. We believe that our work is the only publically available data quantifying denial-of-service activity in the Internet.

Keywords: network telescope, security
  Last Modified: Tue Nov-17-2020 04:46:52 UTC
  Page URL: