
Booter Blacklist Generation Based on Content Characteristics

  • Conference paper
Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2018)

Abstract

Distributed Denial of Service (DDoS) attacks-as-a-service offerings, known as Booters or Stressers, make it convenient and cheap for ordinary people to launch DDoS attacks, which makes DDoS attacks even more rampant. However, there has been little research on Booters so far, and little is known about their backend infrastructure, customers, business, etc. In this paper, we present a new method that focuses on the content (text) characteristics of Booter websites and selects more discriminative features between Booter and non-Booter websites to identify Booters on the Internet more effectively. The experimental results show that the classification accuracy of distinguishing Booter and non-Booter websites is 98.74%. In addition, our method is compared with several representative methods, and the results show that the proposed method outperforms the classical methods in 66% of the classification cases on three datasets: Booter websites, 20-Newsgroups and WebKB.

Acknowledgement

This paper is supported by the National Key Research and Development Program of China under Grant No. 2017YFB0803003 and the National Science Foundation for Young Scientists of China (Grant No. 61702507).

Author information

Corresponding author

Correspondence to Zhaolin Chen.

Copyright information

© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Zhang, W., Bai, X., Chen, C., Chen, Z. (2019). Booter Blacklist Generation Based on Content Characteristics. In: Gao, H., Wang, X., Yin, Y., Iqbal, M. (eds) Collaborative Computing: Networking, Applications and Worksharing. CollaborateCom 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 268. Springer, Cham. https://doi.org/10.1007/978-3-030-12981-1_37

  • DOI: https://doi.org/10.1007/978-3-030-12981-1_37

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-12980-4

  • Online ISBN: 978-3-030-12981-1

  • eBook Packages: Computer Science, Computer Science (R0)
