Booter list generation: The basis for investigating DDoS-for-hire websites

José Jair Santanna, Joey de Vries, Ricardo O. Schmidt, Daphne Tuncer, Lisandro Zambenedetti Granville, Aiko Pras: Booter list generation: The basis for investigating DDoS-for-hire websites. In: International Journal of Network Management (IJNM), vol. 28, no. 1, pp. 1–17, 2018, (e2008 nem.2008).

Abstract

The expansion of Distributed Denial of Service (DDoS)–for-hire websites, known as Booters, has radically modified both the scope and stakes of DDoS attacks. Until recently, however, Booters have only received little attention from the research community. Given their impact, addressing the challenges associated with this phenomenon is crucial. In this paper, we present a rigorous methodology to identify a comprehensive set of existing Booters in the Internet. Before presenting our methodology, we illustrate the benefits of a set of booters on monitoring users from the Dutch NREN, SURFNet, from 2015 to 2017. Our methodology relies on well-defined mechanisms to generate a Booter list, from crawling suspect URLs to characterizing and classifying the collected URLs. The list obtained using the methodology presented in this paper has a classification accuracy of 95.5%, which is 10.5% better compared to previous work.



BibTeX

@article{doi_10_1002_nem_2008,
title = {Booter list generation: The basis for investigating DDoS-for-hire websites},
author = {José Jair Santanna and Joey de Vries and Ricardo O. Schmidt and Daphne Tuncer and Lisandro Zambenedetti Granville and Aiko Pras},
doi = {10.1002/nem.2008},
year  = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
journal = {International Journal of Network Management (IJNM)},
volume = {28},
number = {1},
pages = {1--17},
abstract = {The expansion of Distributed Denial of Service (DDoS)–for-hire websites, known as Booters, has radically modified both the scope and stakes of DDoS attacks. Until recently, however, Booters have only received little attention from the research community. Given their impact, addressing the challenges associated with this phenomenon is crucial. In this paper, we present a rigorous methodology to identify a comprehensive set of existing Booters in the Internet. Before presenting our methodology, we illustrate the benefits of a set of booters on monitoring users from the Dutch NREN, SURFNet, from 2015 to 2017. Our methodology relies on well-defined mechanisms to generate a Booter list, from crawling suspect URLs to characterizing and classifying the collected URLs. The list obtained using the methodology presented in this paper has a classification accuracy of 95.5%, which is 10.5% better compared to previous work.},
note = {e2008 nem.2008},
keywords = {},
pubstate = {published},
tppubtype = {article}
}