{"links":{},"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00239361","sets":["581:11492:11502"]},"path":["11502"],"owner":"44499","recid":"239361","title":["Characteristics Comparison between Carpet Bombing-type and Single Target DRDoS Attacks Observed by Honeypot"],"pubdate":{"attribute_name":"公開日","attribute_value":"2024-09-15"},"_buckets":{"deposit":"b7828144-6cc8-4f9c-bde7-566efdb24aaf"},"_deposit":{"id":"239361","pid":{"type":"depid","value":"239361","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"Characteristics Comparison between Carpet Bombing-type and Single Target DRDoS Attacks Observed by Honeypot","author_link":["656005","656009","656007","656010","656003","656006","656001","656002","656004","656008"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Characteristics Comparison between Carpet Bombing-type and Single Target DRDoS Attacks Observed by Honeypot"},{"subitem_title":"Characteristics Comparison between Carpet Bombing-type and Single Target DRDoS Attacks Observed by Honeypot","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[特集:サプライチェーンを安全にするサイバーセキュリティ技術] DRDoS Attack, Carpet Bombing","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2024-09-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"Yokohama National University"},{"subitem_text_value":"National Institute of Information and Communications Technology／Institute of Advanced Sciences, Yokohama National University"},{"subitem_text_value":"Delft University of Technology, Faculty of Technology, Policy and Management"},{"subitem_text_value":"Yokohama National University／Institute of Advanced Sciences, Yokohama National University"},{"subitem_text_value":"Yokohama National University／Institute of Advanced Sciences, Yokohama National University／Cyber Physical Security Research Center, AIST"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Yokohama National University","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology / Institute of Advanced Sciences, Yokohama National University","subitem_text_language":"en"},{"subitem_text_value":"Delft University of Technology, Faculty of Technology, Policy and Management","subitem_text_language":"en"},{"subitem_text_value":"Yokohama National University / Institute of Advanced Sciences, Yokohama National University","subitem_text_language":"en"},{"subitem_text_value":"Yokohama National University / Institute of Advanced Sciences, Yokohama National University / Cyber Physical Security Research Center, AIST","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"eng"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/239361/files/IPSJ-JNL6509007.pdf","label":"IPSJ-JNL6509007.pdf"},"date":[{"dateType":"Available","dateValue":"2026-09-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL6509007.pdf","filesize":[{"value":"7.0 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"5"},{"tax":["include_tax"],"price":"0","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"f2d6906f-6dc7-49ba-8fa0-e503b3f07ef4","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2024 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Qingxin, Mao"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Daisuke, Makita"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Michel, van Eeten"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Katsunari, Yoshioka"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tsutomu, Matsumoto"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Qingxin, Mao","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Daisuke, Makita","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Michel, van Eeten","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Katsunari, Yoshioka","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tsutomu, Matsumoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_publisher_15":{"attribute_name":"公開者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Carpet bombing-type DDoS attacks targeting a wide-range network rather than a single IP address have threatened the Internet. Some researchers have investigated the characteristics of single-target DDoS attacks. Still, much less is known about the characteristics of carpet bombing, even the differences between them. In this paper, we profile characteristics of carpet bombing via data from amplification DDoS honeypots and the differences between single-target DRDoS attacks and carpet bombing. We analyze attacks highly concentrated on a specific network on victims, duration, number of packets, ports, and TTLs, and describe the differences between single-target DRDoS attacks and carpet bombing. Our analysis at the level of Autonomous Systems demonstrates that carpet bombing attacks target more hosting networks, including some critical targets, than single-target attacks. We found carpet bombing attacks targeting more “Corporate” networks. We also found that each IP address targeted by carpet bombing receives fewer packets than single-target DRDoS attacks. According to the result of the comparison of attack duration and TTL, carpet bombing lasted longer and referred to having diverse values of TTL in the packets. On the contrary, most single-target DRDoS attacks have a single value of TTL in the packets. This implies carpet bombing has a higher probability of originating from multiple sources. Finally, comparing ports shows that using various ports for Carpet Bombing is highly proportional to single-target DRDoS attacks.\n------------------------------\nThis is a preprint of an article intended for publication Journal of\nInformation Processing(JIP). This preprint should not be cited. This\narticle should be cited as: Journal of Information Processing Vol.32(2024) (online)\nDOI　http://dx.doi.org/10.2197/ipsjjip.32.731\n------------------------------","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Carpet bombing-type DDoS attacks targeting a wide-range network rather than a single IP address have threatened the Internet. Some researchers have investigated the characteristics of single-target DDoS attacks. Still, much less is known about the characteristics of carpet bombing, even the differences between them. In this paper, we profile characteristics of carpet bombing via data from amplification DDoS honeypots and the differences between single-target DRDoS attacks and carpet bombing. We analyze attacks highly concentrated on a specific network on victims, duration, number of packets, ports, and TTLs, and describe the differences between single-target DRDoS attacks and carpet bombing. Our analysis at the level of Autonomous Systems demonstrates that carpet bombing attacks target more hosting networks, including some critical targets, than single-target attacks. We found carpet bombing attacks targeting more “Corporate” networks. We also found that each IP address targeted by carpet bombing receives fewer packets than single-target DRDoS attacks. According to the result of the comparison of attack duration and TTL, carpet bombing lasted longer and referred to having diverse values of TTL in the packets. On the contrary, most single-target DRDoS attacks have a single value of TTL in the packets. This implies carpet bombing has a higher probability of originating from multiple sources. Finally, comparing ports shows that using various ports for Carpet Bombing is highly proportional to single-target DRDoS attacks.\n------------------------------\nThis is a preprint of an article intended for publication Journal of\nInformation Processing(JIP). This preprint should not be cited. This\narticle should be cited as: Journal of Information Processing Vol.32(2024) (online)\nDOI　http://dx.doi.org/10.2197/ipsjjip.32.731\n------------------------------","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicIssueDates":{"bibliographicIssueDate":"2024-09-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"9","bibliographicVolumeNumber":"65"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"created":"2025-01-19T01:42:57.882472+00:00","updated":"2025-01-19T08:18:28.464747+00:00","id":239361}