Not logged in.
Quick Search - Contribution
Contribution Details
| Type | Master's Thesis |
| Scope | Discipline-based scholarship |
| Title | Reassembler - Towards a Global DDoS Attack Analysis Using Attack Fingerprints |
| Organization Unit | |
| Authors |
|
| Supervisors |
|
| Language |
|
| Institution | University of Zurich |
| Faculty | Faculty of Business, Economics and Informatics |
| Date | 2023 |
| Abstract Text | In recent years, the frequency and scale of Distributed Denial-of-Service (DDoS) attacks have increased significantly, yet they remain an unsolved problem. Many intrusion detection systems employ shared attack fingerprints and signatures as a standard practice to detect cyber attacks. For DDoS attacks, a single attack fingerprint typically is not enough to detect other attacks of the same kind. However, attack fingerprints can still be useful, especially when the same attack is observed from multiple locations. Thus, this work proposes Reassembler, a tool that enables global analysis of DDoS attacks based on attack fingerprints recorded at different locations. For this, multiple attack scenarios are specified using a custom-built simulated network. Based on the attack scenarios, the Reassembler solution is implemented, analyzing and aggregating attack fingerprints into a global view. Reassembler is evaluated based on four simulated and one real use case (based on real DDoS network traces), demonstrating that the Reassembler can derive interesting properties such as the number of intermediate nodes or the estimated percentage of spoofed IPs. Based on different experiments, it is shown under which circumstances the Reassembler performs best and where improvements are needed. |
| PDF File |
Download
|
| Export |
BibTeX
|