Distributed Denial-of-Service (DDoS) attacks are usually launched through the$botnet$, an "army" of compromised nodes hidden in the network. Inferentialtools for DDoS mitigation should accordingly enable an early and reliablediscrimination of the normal users from the compromised ones. Unfortunately,the recent emergence of attacks performed at the application layer hasmultiplied the number of possibilities that a botnet can exploit to conceal itsmalicious activities. New challenges arise, which cannot be addressed by simplyborrowing the tools that have been successfully applied so far to earlier DDoSparadigms. In this work, we offer basically three contributions: $i)$ weintroduce an abstract model for the aforementioned class of attacks, where thebotnet emulates normal traffic by continually learning admissible patterns fromthe environment; $ii)$ we devise an inference algorithm that is shown toprovide a consistent (i.e., converging to the true solution as time progresses)estimate of the botnet possibly hidden in the network; and $iii)$ we verify thevalidity of the proposed inferential strategy over $real$ network traces.
展开▼
机译:分布式拒绝服务(DDoS)攻击通常是通过$ botnet $发起的,botnet $是隐藏在网络中的大量受感染节点。相应地,用于缓解DDoS的Inferential工具应能够将正常用户从受感染的用户中早期和可靠地区分开。不幸的是,最近在应用程序层执行的攻击的出现使僵尸网络可以利用其掩盖其恶意活动的可能性成倍增加。出现了新的挑战,而仅仅借用迄今为止已成功应用于早期DDoS范例的工具是无法解决的。在这项工作中,我们基本上提供了三点贡献:$ i)$为上述攻击类型引入一个抽象模型,其中僵尸网络通过不断从环境中学习可允许的模式来模拟正常流量;我们设计了一种推理算法,该算法被证明可以对可能隐藏在网络中的僵尸网络提供一致的估计(即随着时间的推移收敛到真实的解决方案);和$ iii)$,我们验证了在$ real $网络跟踪中提出的推论策略的有效性。
展开▼