Proactive Botnet Detection : Through Characterization of Distributed Denial of Service Attacks
In this quantitative quasi-experimental study two distributed denial of service attacks were captured and the characteristics of the attacks were used to detect botnets by identifying egressing distributed denial of service attack packets at the source of the attack. A sample Dark DDoSer botnet was constructed and used to launch a distributed denial of service attack. The characteristics of the distributed denial of service attacks were used as the independent variables in a quasi-experiment where network traffic was monitored with Snort to detect DDoS packets. The dependent variable for the experiment was false positive alerts for the DDoS packets. The findings showed that the characteristics of a distributed denial of service attack can be used to pro-actively detect botnets through egress monitoring.
- Paperback | 126 pages
- 216 x 280 x 7mm | 308g
- 09 Apr 2015
- United States
- black & white illustrations
About Dr Thomas S Hyslip
Dr. Hyslip is currently an adjunct faculty member at Norwich University and Wake Technical Community College. Dr. Hyslip received his Doctor of Science degree in Information Assurance from Capitol College in 2014, and he previously obtained a Master of Science degree from East Carolina University and a Bachelor of Science degree from Clarkson University. He is a Certified Ethical Hacker C-EH, and certified forensic examiner.