Scan, Test, Execute: Adversarial Tactics in Amplification DDoS Attacks

Harm Griffioen, Kris Oosthoek, Paul van der Knaap, Christian Doerr
October 2021

Abstract

Amplification attacks generate an enormous flood of unwanted traffic towards a victim and are generated with the help of open, unsecured services, to which an adversary sends spoofed service requests that trigger large answer volumes to a victim. However, the actual execution of the packet flood is only one of the activities necessary for a successful attack. Adversaries need, for example, to develop attack tools, select open services to abuse, test them, and adapt the attacks if necessary, each of which can be implemented in myriad ways. Thus, to understand the entire ecosystem and how adversaries work, we need to look at the entire chain of activities.

Type
Conference paper
Publication
ACM Conference on Computer and Communications Security
Kris Oosthoek
Kris Oosthoek
Cyber Security Professional and PhD Candidate

My research interests include cyber security and specifically threat intelligence automation and malware/binary analysis.