Identifying and determining behaviors of attack gangs is not only an advanced stage of the network security event tracing and analysis, but also a core step of large-scale combat and punishment of cyber attacks. Most of the work in the field of distributed denial of service (DDoS) attack analysis has focused on DDoS attack detection, and a part of the work involves the research of DDoS attack sourcing. We find that very little work has been done on the mining and analysis of DDoS attack gangs. DDoS attack gangs naturally have the attributes of human community relations. We propose a framework named HiAtGang, in which we define the concept of the gang detection in DDoS attacks and introduce the community analysis technology into DDoS attack gang analysis. Different attacker clustering algorithms are compared and analyzed. Based on analysis results of massive DDoS attack events that recorded by CNCERT/CC (The National Computer Network Emergency Response Technical Team/Coordination Center of China), the effective gang mining and attribute calibration have been achieved. More than 250 DDoS attack gangs have been successfully tracked. Our research fills the gaps in the field of the DDoS attack gang detection and has supported CNCERT/CC in publishing “Analysis Report on DDoS Attack Resources” for three consecutive years and achieved a good practical effect on combating DDoS attack crimes.
CITATION STYLE
Zhu, T., Qiu, X., Rao, Y., Yan, H., Zhou, Y., & Shi, G. (2022). HiAtGang: How to Mine the Gangs Hidden Behind DDoS Attacks. Chinese Journal of Electronics, 31(2), 293–303. https://doi.org/10.1049/cje.2021.00.021
Mendeley helps you to discover research relevant for your work.