2021 IEEE International Conference on Acoustics, Speech and Signal Processing

6-11 June 2021 • Toronto, Ontario, Canada

Extracting Knowledge from Information

2021 IEEE International Conference on Acoustics, Speech and Signal Processing

6-11 June 2021 • Toronto, Ontario, Canada

Extracting Knowledge from Information
Login Paper Search My Schedule Paper Index Help

My ICASSP 2021 Schedule

Note: Your custom schedule will not be saved unless you create a new account or login to an existing account.
  1. Create a login based on your email (takes less than one minute)
  2. Perform 'Paper Search'
  3. Select papers that you desire to save in your personalized schedule
  4. Click on 'My Schedule' to see the current list of selected papers
  5. Click on 'Printable Version' to create a separate window suitable for printing (the header and menu will appear, but will not actually print)

Paper Detail

Paper IDIFS-5.2
Paper Title APPLICATION-LAYER DDOS ATTACKS WITH MULTIPLE EMULATION DICTIONARIES
Authors Michele Cirillo, Mario Di Mauro, Vincenzo Matta, Marco Tambasco, University of Salerno, Italy
SessionIFS-5: Privacy and Information Security
LocationGather.Town
Session Time:Thursday, 10 June, 15:30 - 16:15
Presentation Time:Thursday, 10 June, 15:30 - 16:15
Presentation Poster
Topic Information Forensics and Security: [NET] Network Security
IEEE Xplore Open Preview  Click here to view in IEEE Xplore
Abstract We consider the problem of identifying the members of a botnet under an application-layer (L7) DDoS attack, where a target site is flooded with a large number of requests that emulate legitimate users' patterns. This challenging problem has been recently addressed with reference to two simplified scenarios, where either all bots pick requests from the same emulation dictionary (total overlap), or they are divided in separate clusters corresponding to distinct emulation dictionaries (no overlap at all). However, over real networks these two extreme conditions are difficult to realize, and the intermediate situation is observed where the emulation patterns of distinct bots belong to partially overlapped dictionaries. This intermediate situation introduces significant sophistication in the bot identification problem. In order to address this issue, we provide an analytical characterization of the pairwise cluster interaction, which is exploited to devise an identification rule to discriminate legitimate users from bots and to identify the individual bot clusters.