Check out the new USENIX Web site.

Home About USENIX Events Membership Publications Students
Security '01 Abstract

Inferring Internet Denial-of-Service Activity

David Moore, CAIDA, San Diego Supercomputer Center, University of California, San Diego; Geoffrey M. Voelker and Stefan Savage, Department of Computer Science and Engineering University of California, San Diego

Abstract

In this paper, we seek to answer a simple question: "How prevalent are denial-of-service attacks in the Internet to-day?". Our motivation is to understand quantitatively the nature of the current threat as well as to enable longer-term analyses of trends and recurring patterns of attacks. We present a new technique, called "backscatter analysis", that provides an estimate of worldwide denial-of-service activity. We use this approach on three week-long datasets to assess the number, duration and focus of attacks, and to characterize their behavior. During this period, we observe more than 12,000 attacks against more than 5,000 distinct targets, ranging from well known e-commerce companies such as Amazon and Hotmail to small foreign ISPs and dial-up connections. We believe that our work is the only publically available data quantifying denial-of-service activity in the Internet.
  • View the full text of this paper in PDF.
    The Proceedings are published as a collective work, © 2001 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.

  • If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.

  • To become a USENIX Member, please see our Membership Information.

?Need help? Use our Contacts page.

Last changed: 30 Apr 2002 ml
Technical Program
Security '01 Home
USENIX home