Poster: DDoSGrid: a Platform for the Post-mortem Analysis and Visualization of DDoS Attacks

Distributed Denial-of-Service (DDoS) attacks remain one of the top reasons for business disruption and financial losses. Although mitigation solutions are available on the market, there is still a need for approaches that help network operators understand attack characteristics and behaviors, resulting in better planning of companies' cybersecurity strategies. This paper introduces DDoSGrid, a platform for the analysis and visualization of DDoS attacks. DDoSGrid implements an extensible set of miners that extract, process, and analyze information from network traces (i.e., PCAP files) and provides insightful visualizations for a better understanding and in-depth analysis of DDoS attacks in different scenarios. A case study using an HTTP flood attack scenario was performed to evaluate the feasibility of the approach. DDoSGrid enables the analysis of real-world DDoS scenarios, providing an intuitive interface integrated with extensible, insightful visualizations and data miners.
