Botnet identification in randomized DDoS attacks

摘要

Recent variants of Distributed Denial-of-Service (DDoS) attacks leverage the flexibility of application-layer protocols to disguise malicious activities as normal traffic patterns, while concurrently overwhelming the target destination with a large request rate. New countermeasures are necessary, aimed at guaranteeing an early and reliable identification of the compromised network nodes (the botnet). In this work we introduce a formal model for the aforementioned class of attacks, and we devise an inference algorithm that estimates the botnet hidden in the network, converging to the true solution as time progresses. Notably, the analysis is validated over real network traces.