Booter list generation: The basis for investigating DDoS-for-hire websites

José Jair Santanna; Joey de Vries; Ricardo de O. Schmidt; Daphne Tuncer; Lisandro Z. Granville; Aiko Pras

doi:10.1002/nem.2008

Booter list generation: The basis for investigating DDoS-for-hire websites

José Jair Santanna^* (Corresponding Author), Joey de Vries, Ricardo de O. Schmidt, Daphne Tuncer, Lisandro Z. Granville, Aiko Pras

^*Corresponding author for this work

Research output: Contribution to journal › Special issue › Academic › peer-review

3 Citations (Scopus)

425 Downloads (Pure)

Abstract

The expansion of Distributed Denial of Service (DDoS)–for-hire websites, known as Booters, has radically modified both the scope and stakes of DDoS attacks. Until recently, however, Booters have only received little attention from the research community. Given their impact, addressing the challenges associated with this phenomenon is crucial. In this paper, we present a rigorous methodology to identify a comprehensive set of existing Booters in the Internet. Before presenting our methodology, we illustrate the benefits of a set of booters on monitoring users from the Dutch NREN, SURFNet, from 2015 to 2017. Our methodology relies on well-defined mechanisms to generate a Booter list, from crawling suspect URLs to characterizing and classifying the collected URLs. The list obtained using the methodology presented in this paper has a classification accuracy of 95.5%, which is 10.5% better compared to previous work.

Original language	English
Article number	e2008
Journal	International journal of network management
Volume	28
Issue number	1
Early online date	6 Nov 2017
DOIs	https://doi.org/10.1002/nem.2008
Publication status	Published - 1 Jan 2018

Keywords

2019 OA procedure

Access to Document

10.1002/nem.2008

ArticleFinal published version, 2.17 MBLicence: Taverne

Cite this

@article{4322426a85844397b9afb84e7690fb10,

title = "Booter list generation: The basis for investigating DDoS-for-hire websites",

abstract = "The expansion of Distributed Denial of Service (DDoS)–for-hire websites, known as Booters, has radically modified both the scope and stakes of DDoS attacks. Until recently, however, Booters have only received little attention from the research community. Given their impact, addressing the challenges associated with this phenomenon is crucial. In this paper, we present a rigorous methodology to identify a comprehensive set of existing Booters in the Internet. Before presenting our methodology, we illustrate the benefits of a set of booters on monitoring users from the Dutch NREN, SURFNet, from 2015 to 2017. Our methodology relies on well-defined mechanisms to generate a Booter list, from crawling suspect URLs to characterizing and classifying the collected URLs. The list obtained using the methodology presented in this paper has a classification accuracy of 95.5%, which is 10.5% better compared to previous work.",

keywords = "2019 OA procedure",

author = "Santanna, {Jos{\'e} Jair} and Joey de Vries and {de O. Schmidt}, Ricardo and Daphne Tuncer and {Z. Granville}, Lisandro and Aiko Pras",

note = "Special Issue: Security for Emerging Open Networking Technologies",

year = "2018",

month = jan,

day = "1",

doi = "10.1002/nem.2008",

language = "English",

volume = "28",

journal = "International journal of network management",

issn = "1055-7148",

publisher = "Wiley",

number = "1",

}

TY - JOUR

T1 - Booter list generation

T2 - The basis for investigating DDoS-for-hire websites

AU - Santanna, José Jair

AU - de Vries, Joey

AU - de O. Schmidt, Ricardo

AU - Tuncer, Daphne

AU - Z. Granville, Lisandro

AU - Pras, Aiko

N1 - Special Issue: Security for Emerging Open Networking Technologies

PY - 2018/1/1

Y1 - 2018/1/1

N2 - The expansion of Distributed Denial of Service (DDoS)–for-hire websites, known as Booters, has radically modified both the scope and stakes of DDoS attacks. Until recently, however, Booters have only received little attention from the research community. Given their impact, addressing the challenges associated with this phenomenon is crucial. In this paper, we present a rigorous methodology to identify a comprehensive set of existing Booters in the Internet. Before presenting our methodology, we illustrate the benefits of a set of booters on monitoring users from the Dutch NREN, SURFNet, from 2015 to 2017. Our methodology relies on well-defined mechanisms to generate a Booter list, from crawling suspect URLs to characterizing and classifying the collected URLs. The list obtained using the methodology presented in this paper has a classification accuracy of 95.5%, which is 10.5% better compared to previous work.

AB - The expansion of Distributed Denial of Service (DDoS)–for-hire websites, known as Booters, has radically modified both the scope and stakes of DDoS attacks. Until recently, however, Booters have only received little attention from the research community. Given their impact, addressing the challenges associated with this phenomenon is crucial. In this paper, we present a rigorous methodology to identify a comprehensive set of existing Booters in the Internet. Before presenting our methodology, we illustrate the benefits of a set of booters on monitoring users from the Dutch NREN, SURFNet, from 2015 to 2017. Our methodology relies on well-defined mechanisms to generate a Booter list, from crawling suspect URLs to characterizing and classifying the collected URLs. The list obtained using the methodology presented in this paper has a classification accuracy of 95.5%, which is 10.5% better compared to previous work.

KW - 2019 OA procedure

UR - http://www.scopus.com/inward/record.url?scp=85040788655&partnerID=8YFLogxK

U2 - 10.1002/nem.2008

DO - 10.1002/nem.2008

M3 - Special issue

AN - SCOPUS:85040788655

SN - 1055-7148

VL - 28

JO - International journal of network management

JF - International journal of network management

IS - 1

M1 - e2008

ER -

Booter list generation: The basis for investigating DDoS-for-hire websites

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this