Seo, Sin-seok
(Dept. of Computer Science and Engineering, Pohang University of Science and Technology, (POSTECH), Korea)
,
Won, Young J.
(IIJ Research Lab., Japan)
,
Hong, James Won-Ki
(Division of IT Convergence Engineering, Pohang University of Science and Technology, (POSTECH), Korea)
In July 2009, surprising large-scale Distributed Denial-of-Service (DDoS) attacks simultaneously targeted US and South Korean government, military, and commercial websites. Initial speculation was that this was well-designed cyber warfare from North Korea, but the truth is still unknown. What was ev...
In July 2009, surprising large-scale Distributed Denial-of-Service (DDoS) attacks simultaneously targeted US and South Korean government, military, and commercial websites. Initial speculation was that this was well-designed cyber warfare from North Korea, but the truth is still unknown. What was even more surprising was how these critical infrastructures were still vulnerable after a decade of research on DDoS attacks. These particular incidents, the so-called 7.7 (July 7th) DDoS attacks, were highlighted not just because of their success but also because of their well-coordinated strategy. The 3.3 (March 3rd, 2011) DDoS attacks had similar characteristics to the 7.7 DDoS attacks, but they were not as successful because of the rapid vaccination of the zombie hosts. In this paper, we suggest that it is worthwhile to take a step back from the target side of the DDoS attacks and look at the problem in terms of network traffic from the attacker's side. We collected a unique large-scale sample of DDoS attack traffic from the two real-world incidents (not simulated), and we provide an analysis of traffic patterns from the perspective of the attacker's hosting network.
In July 2009, surprising large-scale Distributed Denial-of-Service (DDoS) attacks simultaneously targeted US and South Korean government, military, and commercial websites. Initial speculation was that this was well-designed cyber warfare from North Korea, but the truth is still unknown. What was even more surprising was how these critical infrastructures were still vulnerable after a decade of research on DDoS attacks. These particular incidents, the so-called 7.7 (July 7th) DDoS attacks, were highlighted not just because of their success but also because of their well-coordinated strategy. The 3.3 (March 3rd, 2011) DDoS attacks had similar characteristics to the 7.7 DDoS attacks, but they were not as successful because of the rapid vaccination of the zombie hosts. In this paper, we suggest that it is worthwhile to take a step back from the target side of the DDoS attacks and look at the problem in terms of network traffic from the attacker's side. We collected a unique large-scale sample of DDoS attack traffic from the two real-world incidents (not simulated), and we provide an analysis of traffic patterns from the perspective of the attacker's hosting network.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.