Booter list generation: The basis for investigating DDoS-for-hire websites

Summary: The expansion of Distributed Denial of Service (DDoS)-for-hire websites, known as Booters, has radically modified both the scope and stakes of DDoS attacks. Until recently, however, Booters have received little attention from the research community. Given their impact, addressing the challenges associated with this phenomenon is crucial. In this paper, we present a rigorous methodology to identify a comprehensive set of existing Booters on the Internet. Before presenting our methodology, we illustrate the benefits of a Booter list by using one to monitor users of the Dutch NREN, SURFnet, from 2015 to 2017. Our methodology relies on well-defined mechanisms to generate a Booter list, from crawling suspect URLs to characterizing and classifying the collected URLs. The list obtained using the methodology presented in this paper has a classification accuracy of 95.5%, which is 10.5% better than previous work.
