Scan, Test, Execute: Adversarial Tactics in Amplification DDoS Attacks
Harm Griffioen, Kris Oosthoek, Paul van der Knaap, Christian Doerr
Abstract
Amplification attacks generate an enormous flood of unwanted traffic towards a victim and are generated with the help of open, unsecured services, to which an adversary sends spoofed service requests that trigger large answer volumes to a victim. However, the actual execution of the packet flood is only one of the activities necessary for a successful attack. Adversaries need, for example, to develop attack tools, select open services to abuse, test them, and adapt the attacks if necessary, each of which can be implemented in myriad ways. Thus, to understand the entire ecosystem and how adversaries work, we need to look at the entire chain of activities.
Topics & Concepts
Denial-of-service attackComputer securityAdversaryComputer scienceAdversarial systemSpoofing attackBotnetNetwork packetService (business)Test (biology)Internet privacyBusinessThe InternetWorld Wide WebMarketingBiologyArtificial intelligencePaleontologyNetwork Security and Intrusion DetectionAdvanced Malware Detection TechniquesCybercrime and Law Enforcement Studies