Flooding attacks to internet threat monitors (ITM): Modeling and counter measures using botnet and honeypots

TL;DR

This paper models flooding attacks on Internet Threat Monitors using botnets and proposes countermeasures with honeypots to detect and mitigate such attacks effectively.

Contribution

It introduces an information-theoretic model of flooding attacks on ITMs and develops honeypot-based detection methods to counteract these threats.

Findings

Model effectively characterizes flooding attacks using botnets.

Honeypots improve detection accuracy of flooding attacks.

Proposed framework enhances ITM resilience against DDoS threats.

Abstract

The Internet Threat Monitoring (ITM),is a globally scoped Internet monitoring system whose goal is to measure, detect, characterize, and track threats such as distribute denial of service(DDoS) attacks and worms. To block the monitoring system in the internet the attackers are targeted the ITM system. In this paper we address flooding attack against ITM system in which the attacker attempt to exhaust the network and ITM's resources, such as network bandwidth, computing power, or operating system data structures by sending the malicious traffic. We propose an information-theoretic frame work that models the flooding attacks using Botnet on ITM. Based on this model we generalize the flooding attacks and propose an effective attack detection using Honeypots.