WEKO3
アイテム
Characteristics Comparison between Carpet Bombing-type and Single Target DRDoS Attacks Observed by Honeypot
https://ipsj.ixsq.nii.ac.jp/records/239361
https://ipsj.ixsq.nii.ac.jp/records/239361a82b0bec-fbe1-4f2a-9a4d-7617f853c6fe
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL6509007.pdf (7.0 MB)
2026年9月15日からダウンロード可能です。
|
Copyright (c) 2024 by the Information Processing Society of Japan
|
|
| 非会員:¥0, IPSJ:学会員:¥0, 論文誌:会員:¥0, DLIB:会員:¥0 | ||
| Item type | Journal(1) | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2024-09-15 | |||||||||||||||
| タイトル | ||||||||||||||||
| タイトル | Characteristics Comparison between Carpet Bombing-type and Single Target DRDoS Attacks Observed by Honeypot | |||||||||||||||
| タイトル | ||||||||||||||||
| 言語 | en | |||||||||||||||
| タイトル | Characteristics Comparison between Carpet Bombing-type and Single Target DRDoS Attacks Observed by Honeypot | |||||||||||||||
| 言語 | ||||||||||||||||
| 言語 | eng | |||||||||||||||
| キーワード | ||||||||||||||||
| 主題Scheme | Other | |||||||||||||||
| 主題 | [特集:サプライチェーンを安全にするサイバーセキュリティ技術] DRDoS Attack, Carpet Bombing | |||||||||||||||
| 資源タイプ | ||||||||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||||||
| 資源タイプ | journal article | |||||||||||||||
| 著者所属 | ||||||||||||||||
| Yokohama National University | ||||||||||||||||
| 著者所属 | ||||||||||||||||
| National Institute of Information and Communications Technology/Institute of Advanced Sciences, Yokohama National University | ||||||||||||||||
| 著者所属 | ||||||||||||||||
| Delft University of Technology, Faculty of Technology, Policy and Management | ||||||||||||||||
| 著者所属 | ||||||||||||||||
| Yokohama National University/Institute of Advanced Sciences, Yokohama National University | ||||||||||||||||
| 著者所属 | ||||||||||||||||
| Yokohama National University/Institute of Advanced Sciences, Yokohama National University/Cyber Physical Security Research Center, AIST | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Yokohama National University | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| National Institute of Information and Communications Technology / Institute of Advanced Sciences, Yokohama National University | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Delft University of Technology, Faculty of Technology, Policy and Management | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Yokohama National University / Institute of Advanced Sciences, Yokohama National University | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Yokohama National University / Institute of Advanced Sciences, Yokohama National University / Cyber Physical Security Research Center, AIST | ||||||||||||||||
| 著者名 |
Qingxin, Mao
× Qingxin, Mao
× Daisuke, Makita
× Michel, van Eeten
× Katsunari, Yoshioka
× Tsutomu, Matsumoto
|
|||||||||||||||
| 著者名(英) |
Qingxin, Mao
× Qingxin, Mao
× Daisuke, Makita
× Michel, van Eeten
× Katsunari, Yoshioka
× Tsutomu, Matsumoto
|
|||||||||||||||
| 論文抄録 | ||||||||||||||||
| 内容記述タイプ | Other | |||||||||||||||
| 内容記述 | Carpet bombing-type DDoS attacks targeting a wide-range network rather than a single IP address have threatened the Internet. Some researchers have investigated the characteristics of single-target DDoS attacks. Still, much less is known about the characteristics of carpet bombing, even the differences between them. In this paper, we profile characteristics of carpet bombing via data from amplification DDoS honeypots and the differences between single-target DRDoS attacks and carpet bombing. We analyze attacks highly concentrated on a specific network on victims, duration, number of packets, ports, and TTLs, and describe the differences between single-target DRDoS attacks and carpet bombing. Our analysis at the level of Autonomous Systems demonstrates that carpet bombing attacks target more hosting networks, including some critical targets, than single-target attacks. We found carpet bombing attacks targeting more “Corporate” networks. We also found that each IP address targeted by carpet bombing receives fewer packets than single-target DRDoS attacks. According to the result of the comparison of attack duration and TTL, carpet bombing lasted longer and referred to having diverse values of TTL in the packets. On the contrary, most single-target DRDoS attacks have a single value of TTL in the packets. This implies carpet bombing has a higher probability of originating from multiple sources. Finally, comparing ports shows that using various ports for Carpet Bombing is highly proportional to single-target DRDoS attacks. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.32(2024) (online) DOI http://dx.doi.org/10.2197/ipsjjip.32.731 ------------------------------ |
|||||||||||||||
| 論文抄録(英) | ||||||||||||||||
| 内容記述タイプ | Other | |||||||||||||||
| 内容記述 | Carpet bombing-type DDoS attacks targeting a wide-range network rather than a single IP address have threatened the Internet. Some researchers have investigated the characteristics of single-target DDoS attacks. Still, much less is known about the characteristics of carpet bombing, even the differences between them. In this paper, we profile characteristics of carpet bombing via data from amplification DDoS honeypots and the differences between single-target DRDoS attacks and carpet bombing. We analyze attacks highly concentrated on a specific network on victims, duration, number of packets, ports, and TTLs, and describe the differences between single-target DRDoS attacks and carpet bombing. Our analysis at the level of Autonomous Systems demonstrates that carpet bombing attacks target more hosting networks, including some critical targets, than single-target attacks. We found carpet bombing attacks targeting more “Corporate” networks. We also found that each IP address targeted by carpet bombing receives fewer packets than single-target DRDoS attacks. According to the result of the comparison of attack duration and TTL, carpet bombing lasted longer and referred to having diverse values of TTL in the packets. On the contrary, most single-target DRDoS attacks have a single value of TTL in the packets. This implies carpet bombing has a higher probability of originating from multiple sources. Finally, comparing ports shows that using various ports for Carpet Bombing is highly proportional to single-target DRDoS attacks. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.32(2024) (online) DOI http://dx.doi.org/10.2197/ipsjjip.32.731 ------------------------------ |
|||||||||||||||
| 書誌レコードID | ||||||||||||||||
| 収録物識別子タイプ | NCID | |||||||||||||||
| 収録物識別子 | AN00116647 | |||||||||||||||
| 書誌情報 |
情報処理学会論文誌 巻 65, 号 9, 発行日 2024-09-15 |
|||||||||||||||
| ISSN | ||||||||||||||||
| 収録物識別子タイプ | ISSN | |||||||||||||||
| 収録物識別子 | 1882-7764 | |||||||||||||||
| 公開者 | ||||||||||||||||
| 言語 | ja | |||||||||||||||
| 出版者 | 情報処理学会 | |||||||||||||||
