Parallel Dissector

Parallel Processing of DDoS Data

Abstract

Distributed Denial of Service (DDoS) leverages the power of multiple servers to disrupt the operations of a victim service. Due to the financial risks posed by downtimes on critical online infrastructure, DDoS is among the top threats in the cybersecurity landscape.

In this paper, we analyze the characteristics of previously launched DDoS attacks using collected network data. To extract the characteristics from a network trace file, we expand the DDoS Dissector tool with additional statistics representing the peak traffic strength and the sources of the attack. In addition, we implement an algorithm to parallelize the analysis of large-scale attacks when executed in memory-constrained environments. Our results show that the error difference in the statistics obtained when running the parallelized version and the original one is less than 0.5%.

Furthermore, we investigate several DDoS attacks by analyzing the contained attack vectors and their corresponding characteristics. Our software correctly detects the attack vectors; however, we remark that the output quality is impacted by the percentage of non-attack traffic. In particular, we provide an overview of the current state of the DDoS landscape seen from the point of view of a scrubbing service and study the effect of a Booter takedown on the frequency of DDoS attacks. Lastly, we introduce spoof detection techniques based on the time-to-live value found in the packet headers. From the spoofing analysis, we can deduce the distribution of operating systems that make up the sources of the attack.
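To make the TTL-based spoofing check and the operating-system inference mentioned in the abstract concrete, the following added example (not code from the paper or from the DDoS Dissector tool) applies the standard reasoning: an observed TTL is rounded up to the nearest common default initial TTL (32, 64, 128, 255), the difference gives the hop count, and a source whose packets imply different initial TTLs or wildly varying hop counts is flagged as inconsistent, i.e. likely spoofed. The initial-TTL-to-OS table, the hop tolerance of 2 and the sample packet list are assumptions constructed for this example, not values from the paper.

```python
from collections import Counter, defaultdict

# Common default initial TTL values and the OS family usually associated with each.
# This mapping is an assumption for the example; the paper's own table is not on this page.
INITIAL_TTLS = (32, 64, 128, 255)
OS_BY_INITIAL_TTL = {
    32: "legacy Windows",
    64: "Linux/Unix/macOS",
    128: "Windows",
    255: "network device/Solaris",
}

# Constructed sample packets as (source IP, observed TTL); not real capture data.
SAMPLE_PACKETS = [
    ("198.51.100.10", 52), ("198.51.100.10", 53), ("198.51.100.10", 52),
    ("198.51.100.11", 116), ("198.51.100.11", 117),
    ("203.0.113.5", 60), ("203.0.113.5", 118), ("203.0.113.5", 240),
    ("203.0.113.6", 50), ("203.0.113.6", 60),
    ("192.0.2.7", 249),
]


def infer_initial_ttl(observed):
    """Round an observed TTL up to the nearest common default initial TTL."""
    if not 0 <= observed <= 255:
        raise ValueError(f"TTL out of range: {observed}")
    for initial in INITIAL_TTLS:
        if observed <= initial:
            return initial
    raise AssertionError("unreachable: 255 is the largest initial TTL")


def hop_count(observed):
    """Estimated number of routers traversed, given the inferred initial TTL."""
    return infer_initial_ttl(observed) - observed


def analyse(packets, hop_tolerance=2):
    """Split sources into consistent and suspicious ones, and derive the OS distribution.

    A source is suspicious when its packets imply more than one initial TTL, or when
    the estimated hop counts spread more than `hop_tolerance` (an assumed threshold):
    a single real host behind a stable path does not change its TTL that way.
    Returns (consistent, suspicious, os_distribution).
    """
    per_source = defaultdict(list)
    for src, ttl in packets:
        per_source[src].append(ttl)

    consistent = {}   # src -> inferred initial TTL
    suspicious = {}   # src -> explanation
    for src, ttls in per_source.items():
        initials = {infer_initial_ttl(t) for t in ttls}
        hops = [hop_count(t) for t in ttls]
        spread = max(hops) - min(hops)
        if len(initials) > 1:
            suspicious[src] = f"multiple implied initial TTLs {sorted(initials)}"
        elif spread > hop_tolerance:
            suspicious[src] = f"hop count spread {spread} exceeds tolerance {hop_tolerance}"
        else:
            consistent[src] = initials.pop()

    # OS distribution is computed over consistent sources only; spoofed sources
    # carry whatever TTL the attacker's tooling set and would skew the picture.
    os_distribution = Counter(OS_BY_INITIAL_TTL[i] for i in consistent.values())
    return consistent, suspicious, dict(os_distribution)


if __name__ == "__main__":
    ok, bad, dist = analyse(SAMPLE_PACKETS)
    print("consistent sources:", ok)
    print("suspicious sources:", bad)
    print("OS distribution:", dist)
```

The hop-spread rule is deliberately loose: routes do flap by a hop or two, so a tolerance of zero would flag legitimate hosts, while a very large tolerance would miss spoofed traffic whose TTLs were randomised within one initial-TTL band. In a real pipeline the threshold is something to tune against known-clean traffic, which is also why the abstract notes that non-attack traffic mixed into the trace affects output quality.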