English | April 7, 2015 | ASIN: B00VU1TNXS | 108 Pages | AZW3/EPUB/MOBI/PDF (conv) | 5 MB
In this study two distributed denial of service attacks were captured and the characteristics of the attacks were used to detect botnets by identifying egressing distributed denial of service attack packets at the source of the attack.
A sample Dark DDoSer botnet was constructed and used to launch a distributed denial of service attack, and a Black Energy DDoS attack was captured. The characteristics of the distributed denial of service attacks were used as the independent variables in a quasi-experiment where network traffic was monitored with Snort to detect DDoS packets. The dependent variable for the experiment was false positive alerts for the DDoS packets. The findings showed that the characteristics of a distributed denial of service attack can be used to pro-actively detect botnets through egress monitoring.