Booter Blacklist Generation Based on Content Characteristics

Distributed Denial of Service (DDoS) attacks-as-a-service, known as Booter or Stresser, is convenient and low-priced for ordinary people to launch DDoS attacks. It makes DDoS attacks even more rampant. However, until now there is not much research on Booter and little acquaintance with their backend infrastructure, customers, business, etc. In this paper, we present a new method which focuses on the content (text) characteristics on Booters websites and selects more discriminative features between Booter and non-Booter to identify Booters more effectively in the Internet. The experimental results show that the classification accuracy of distinguishing Booter and non-Booter websites is 98.74%. In addition, our method is compared with several representative methods and the results show that the proposed method outperforms the classical methods in 66% of the classification cases on three datasets: Booter websites, 20-Newsgroups and WebKB.

[1]  Katsunari Yoshioka,et al.  Who Gets the Boot? Analyzing Victimization by DDoS-as-a-Service , 2016, RAID.

[2]  Michael Backes,et al.  Linking Amplification DDoS Attacks to Booter Services , 2017, RAID.

[3]  Aiko Pras,et al.  Booters — An analysis of DDoS-as-a-service attacks , 2015, 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM).

[4]  Lukas Krämer,et al.  AmpPot: Monitoring and Defending Against Amplification DDoS Attacks , 2015, RAID.

[5]  Yiming Yang,et al.  A Comparative Study on Feature Selection in Text Categorization , 1997, ICML.

[6]  Damon McCoy,et al.  Stress Testing the Booters: Understanding and Undermining the Business of DDoS Services , 2016, WWW.

[7]  Michael Backes,et al.  Identifying the Scan and Attack Infrastructures Behind Amplification DDoS Attacks , 2016, CCS.

[8]  Zhaoyang Qu,et al.  Improved Feature-Selection Method Considering the Imbalance Problem in Text Categorization , 2014, TheScientificWorldJournal.

[9]  Wei-Ying Ma,et al.  OCFS: optimal orthogonal centroid feature selection for text categorization , 2005, SIGIR '05.

[10]  Aiko Pras,et al.  Booter list generation: The basis for investigating DDoS-for-hire websites , 2018, Int. J. Netw. Manag..

[11]  Wenqian Shang,et al.  A novel feature selection algorithm for text categorization , 2007, Expert Syst. Appl..

[12]  J. Ross Quinlan,et al.  Induction of Decision Trees , 1986, Machine Learning.

[13]  Guoyin Wang,et al.  Erratum to “Experimental Analyses of the Major Parameters Affecting the Intensity of Outbursts of Coal and Gas” , 2014, The Scientific World Journal.

[14]  Cardoso de Santanna,et al.  DDoS-as-a-Service: Investigating Booter Websites , 2017 .