Scan, Test, Execute: Adversarial Tactics in Amplification DDoS Attacks


Amplification attacks direct an enormous flood of unwanted traffic towards a victim. They are carried out with the help of open, unsecured services, to which an adversary sends spoofed service requests that trigger large answer volumes to the victim. However, the actual execution of the packet flood is only one of the activities necessary for a successful attack. Adversaries need, for example, to develop attack tools, select open services to abuse, test them, and adapt the attacks if necessary, each of which can be implemented in myriad ways. Thus, to understand the ecosystem and how adversaries work, we need to look at the entire chain of activities.

ACM Conference on Computer and Communications Security
Kris Oosthoek
Cyber Security Professional and PhD Candidate

My research interests include cyber security and specifically threat intelligence automation and malware/binary analysis.