Security '01 Abstract
Inferring Internet Denial-of-Service Activity
David Moore, CAIDA, San Diego Supercomputer Center, University of California, San Diego; Geoffrey M. Voelker and Stefan Savage,
Department of Computer Science and Engineering
University of California, San Diego
In this paper, we seek to answer a simple question: "How
prevalent are denial-of-service attacks in the Internet to-day?".
Our motivation is to understand quantitatively the
nature of the current threat as well as to enable longer-term
analyses of trends and recurring patterns of attacks.
We present a new technique, called "backscatter analysis",
that provides an estimate of worldwide denial-of-service
activity. We use this approach on three week-long
datasets to assess the number, duration and focus of attacks,
and to characterize their behavior. During this period,
we observe more than 12,000 attacks against more
than 5,000 distinct targets, ranging from well known e-commerce
companies such as Amazon and Hotmail to
small foreign ISPs and dial-up connections. We believe
that our work is the only publically available data quantifying
denial-of-service activity in the Internet.
- View the full text of this paper in
The Proceedings are published as a collective work, © 2001 by the USENIX Association. All Rights Reserved. Rights
to individual papers remain with the author or the author's employer.
Permission is granted for the noncommercial reproduction of the complete
work for educational or research purposes. USENIX acknowledges all
trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.