TY - GEN
T1 - Botnet Mapping Based on Intersections of Traces
AU - Alfasi, Erez
AU - Einziger, Gil
N1 - Publisher Copyright:
© 2022 ACM.
PY - 2022/1/4
Y1 - 2022/1/4
N2 - Volumetric attacks are a growing concern for current Internet services. These attacks overwhelm Internet services with requests that prevent legitimate users from accessing the service or dramatically increase operational costs. While bot networks account for most volumetric attacks, the current approaches focus on mitigating a single attack. Our work argues that botnets create distinct patterns that can be detected by analyzing multiple traces from previous attacks. We formalize this idea into concrete bot network mapping algorithms and demonstrate their effectiveness in diverse conditions. Such a mapping implies that mitigation of future attacks is considerably easier, threatening the business model behind bot networks.
AB - Volumetric attacks are a growing concern for current Internet services. These attacks overwhelm Internet services with requests that prevent legitimate users from accessing the service or dramatically increase operational costs. While bot networks account for most volumetric attacks, the current approaches focus on mitigating a single attack. Our work argues that botnets create distinct patterns that can be detected by analyzing multiple traces from previous attacks. We formalize this idea into concrete bot network mapping algorithms and demonstrate their effectiveness in diverse conditions. Such a mapping implies that mitigation of future attacks is considerably easier, threatening the business model behind bot networks.
UR - http://www.scopus.com/inward/record.url?scp=85124019425&partnerID=8YFLogxK
U2 - 10.1145/3491003.3491025
DO - 10.1145/3491003.3491025
M3 - Conference contribution
AN - SCOPUS:85124019425
T3 - ACM International Conference Proceeding Series
SP - 198
EP - 207
BT - ICDCN 2022 - Proceedings of the 2022 International Conference on Distributed Computing and Networking
PB - Association for Computing Machinery
T2 - 23rd International Conference on Distributed Computing and Networking, ICDCN 2022
Y2 - 4 January 2022 through 7 January 2022
ER -