Volume 31 Issue 2
Mar.  2022
Turn off MathJax
Article Contents
ZHU Tian, QIU Xiaokang, RAO Yu, YAN Hanbing, ZHOU Yu, SHI Guixin. HiAtGang: How to Mine the Gangs Hidden Behind DDoS Attacks[J]. Chinese Journal of Electronics, 2022, 31(2): 293-303. doi: 10.1049/cje.2021.00.021
Citation: ZHU Tian, QIU Xiaokang, RAO Yu, YAN Hanbing, ZHOU Yu, SHI Guixin. HiAtGang: How to Mine the Gangs Hidden Behind DDoS Attacks[J]. Chinese Journal of Electronics, 2022, 31(2): 293-303. doi: 10.1049/cje.2021.00.021

HiAtGang: How to Mine the Gangs Hidden Behind DDoS Attacks

doi: 10.1049/cje.2021.00.021
Funds:  This work was supported by the National Key Research and Development Program of China (2018YFB0804704) and the National Science Foundation of China (U1736218)
More Information
  • Author Bio:

    was born in 1985. She received the Ph.D. degree in computer science from Beijing University of Posts and Telecommunicaitons. Her research interests include network security and data mining. (Email: zhutian0403@163.com)

    was born in 1995. She received the bachelor’s degree in management from Beijing Forestry University and received the master’s degree in management from Beihang University. Her research interests include information security and artificial intelligence. (Email: qiuxiaokang724@163.com)

    was born in 1985. She received the B.E. degree in electronic information from Huazhong University of Science and Technology and the Ph.D. degree in electronic engineering from Tsinghua University. Her research interests includes network security and attack tracing. (Email: raoyu@cert.org.cn)

    (corresponding author) obtained the Ph.D. degree from the Department of Computer Science and Technology, Tsinghua University, China in 2006. His research interests include cyber security, image analysis and computer graphics. (Email: yhb@cert.org.cn)

    was born in 1986. She received the M.A. degree in simultaneous interpretation, foreign linguistics and applied linguistics from Beijing Foreign Studies University. Her research interests include governance of global cyberspace and international cooperation in cybersecurity. (Email: zhouyu@cert.org.cn)

    was born in 1991. She received the B.S. degree in electronic engineering from Harbin Engineering University, Harbin, China, in 2014, and the Ph.D. degree in signal and information processing from University of Chinese Academy of Sciences, Beijing, China, in 2019. Her current research interests include network security and attack tracing. (Email: shiguixin@cert.org.cn)

  • Received Date: 2020-12-31
  • Accepted Date: 2021-09-17
  • Available Online: 2021-11-15
  • Publish Date: 2022-03-05
  • Identifying and determining behaviors of attack gangs is not only an advanced stage of the network security event tracing and analysis, but also a core step of large-scale combat and punishment of cyber attacks. Most of the work in the field of distributed denial of service (DDoS) attack analysis has focused on DDoS attack detection, and a part of the work involves the research of DDoS attack sourcing. We find that very little work has been done on the mining and analysis of DDoS attack gangs. DDoS attack gangs naturally have the attributes of human community relations. We propose a framework named HiAtGang, in which we define the concept of the gang detection in DDoS attacks and introduce the community analysis technology into DDoS attack gang analysis. Different attacker clustering algorithms are compared and analyzed. Based on analysis results of massive DDoS attack events that recorded by CNCERT/CC (The National Computer Network Emergency Response Technical Team/Coordination Center of China), the effective gang mining and attribute calibration have been achieved. More than 250 DDoS attack gangs have been successfully tracked. Our research fills the gaps in the field of the DDoS attack gang detection and has supported CNCERT/CC in publishing “Analysis Report on DDoS Attack Resources” for three consecutive years and achieved a good practical effect on combating DDoS attack crimes.
  • loading
  • [1]
    C. H. Sun and B. Liu, “Survey on new solutions against distributed denial of service attacks,” Chinese Journal of Electronics, vol.37, no.3, pp.1562–1570, 2009.
    S. F. Li, Y. H. Cui, and L.S. Yan, “An effective SDN controller scheduling method to defence DDoS attacks,” Chinese Journal of Electronics, vol.28, no.2, pp.404–407, 2019. doi: 10.1049/cje.2019.01.017
    “World Economic Forum, The Global Risks Report 2018,” available at: https://www.weforum.org/reports/the-global-risks-report-2018, 2021-10-18.
    CNCERT/CC, “2018 China Internet cyber security report,” available at: https://www.cert.org.cn/publish/main/upload/File/2019%20CNCERT%20Cybersecurity%20analysis.pdf, 2021-10-18.
    Balabine Igor and Velednitsky Alexander, “Method and system for confident anomaly detection in computer network traffic,” Patent, US9843488, USA, 2017-12-12.
    T. Melissa, H. Nicholas, and K. Alexander, Networks and Cyber-Security, Singapore: World Scientific, pp.67–87, 2016.
    K Alrawashdeh and C Purdy, “Toward an online anomaly intrusion detection system based on deep learning,” in Proc. of the 2016 15th IEEE International Conference on Machine Learning and Applications (ICMLA), Anaheim, CA, USA, pp.195–200, 2016.
    Ž. Deljaca, M. Randićb, and G. Krčelića, “Early detection of network element outages based on customer trouble calls,” Decision Support Systems, vol.73, pp.57–73, 2015. doi: 10.1016/j.dss.2015.02.014
    Hesham Altwaijry, “Bayesian Based Intrusion Detection System,” IAENG Transactions on Engineering Technologies: Special Edition of the World Congress on Engineering and Computer Science 2011, pp.29–44, 2013. doi: 10.1007/978-94-007-4786-9_3
    K. Santosh, S. Nandi, and S. Biswas, “Research and application of one-class small hypersphere support vector machine for network anomaly detection,” in Proc. of the 2011 3rd Int. Conf. on Communication Systems and Networks (COMSNETS 2011), Bangalore, India, pp.1–4. 2011.
    G. Poojitha, K. N. Kumar, and P. J. Reddy, “Intrusion detection using artificial neural network,” 2010 Second International conference on Computing, Communication and Networking Technologies, Karur, India, pp.1–7, 2010.
    Tencent Security Joint Laboratory, “2018 Internet black production research report for the first half of 2018,” available at: https://guanjia.qq.com/news/n1/2382.html, 2021-10-18. (in Chinese)
    N. Hoque, D. K. Bhattacharyya, and J. K. Kalita, “Botnet in DDoS attacks: Trends and challenges,” IEEE Communications Surveys & Tutorials, vol.17, no.4, pp.2242–2270, 2015.
    K. Kalkan, G. Gur, and F. Alagoz, “Defense mechanisms against DDoS attacks in SDN environment,” IEEE Communications Magazine, vol.55, no.9, pp.175–179, 2017. doi: 10.1109/MCOM.2017.1600970
    M. Girvan and M. E. J. Newman, “Community structure in social and biological networks,” Proceedings of the National Academy of Sciences, vol.99, no.9, pp.175–179, 2017.
    U.N. Raghavan, R. Albert, and S. Kumara, “Near linear time algorithm to detect community structures in large-scale networks,” Physical Review E 25th Anniversary Milestones, vol.76, no.3, article no.036106, 2007.
    M. Rosvall and C. T. Bergstrom, “Maps of random walks on complex networks reveal community structure,” Proceedings of the National Academy of Sciences of the United States of America, vol.105, no.4, pp.1118–1123, 2008. doi: 10.1073/pnas.0706851105
    A. Lancichinetti, S. Fortunato, and J. Kertesz, “Detecting the overlapping and hierarchical community structure of complex networks,” New Journal of Physics, vol.11, no.3, article no.033015, 2008.
    L. P. Sun, J. Liu, X. Y. Zheng et al., “An efficient and adaptive method for overlapping community detection in real-world networks,” Chinese Journal of Electronics, vol.6, no.6, pp.1126–1132, 2018.
    F. F. Wang, B. H. Zhang, and S. C. Chai, “Deep auto-encoded clustering algorithm for community detection in complex networks,” Chinese Journal of Electronics, vol.28, no.3, pp.489–496, 2019. doi: 10.1049/cje.2019.03.019
    Erétéo G, Gandon F, Buffa M. “Semtagp: Semantic community detection in folksonomies,” in Proc. of the 2011 IEEE/WIC/ACM Int. Conf. on Web Intelligence and Intelligent Agent Technology, Lyon, France, pp.324–331, 2011.
    G. Y.Cai and Y. M. Wen, “Research on tag delivery algorithm in social semantic Web community,” Computing Science, vol.40, no.2, pp.53–57, 2013.
    S. Liu and S. Wang, “Trajectory community discovery and recommendation by multi-source diffusion modeling,” IEEE Transactions on Knowledge and Data Engineering, vol.29, no.4, pp.898–911, 2017. doi: 10.1109/TKDE.2016.2637898
    J. Kang, Y. Zhang, and J. Ju, “Classifying DDoS attacks by hierarchical clustering based on similarity,” 2006 International Conference on Machine Learning and Cybernetics, Dalian, China, pp.2712–2717, 2006.
    A. Girma, M. Garuba, and R. Goel, “Advanced machine language approach to detect ddos attack using DBSCAN clustering technology with entropy,” 14th International Conference on Information Technology: New Generations, Las Vegas, USA, pp.125–131, 2017.
    J. Sun, Y. Liu, and X. Zhao, “Detection of application layer DDoS attacks based on clustering,” Computer Engineering and Applications, vol.52, no.21, pp.116–119, 2016.
    S. Wei, Y. Ding, and X. Han, “TDSC: Two-stage DDoS detection and defense system based on clustering,” 2017 47th Annual IEEE/IFIP Int. Conf. on Dependable Systems and Networks Workshops, Denver, CO, USA, pp.101–102, 2017.
    X. Qin, T. Xu, and C. Wang, “DDoS attack detection using flow entropy and clustering technique,” 2015 11th International Conference on Computational Intelligence and Security (CIS), Shenzhen, China, pp. 412–415, 2015.
    Q. L. Yang, M. G. Zhang, Y. W. Zhou, et al., “Attribute-based worker selection scheme by using blockchain in decentralized crowdsourcing scenario,” Chinese Journal of Electronics, vol.30, no.2, pp.249–257, 2021. doi: 10.1049/cje.2021.01.007
    C. C. Hung, C. W. Chang, and W. C. Peng, “Mining trajectory profiles for discovering user communities,” in Proc. of the 2009 International Workshop on Location Based Social Networks, Seattle, Washington, USA, pp.1−8, 2009.
    F. Osborne, G. Scavo, and E. Motta, “Identifying diachronic topic-based research communities by clustering shared research trajectories,” European Semantic Web Conference, Anissaras, Crete, Greece, pp.114−129, 2014.
    S. Chakri, S. Raghay, S. El hadaj, et al., “Semantic trajectory knowledge discovery: A promising way to extract meaningful patterns from spatiotemporal data,” International Journal of Software Engineering and Knowledge Engineering, vol.27, no.3, pp.399–421, 2017. doi: 10.1142/S0218194017500140
    L. Tang, Y. Zheng, J. Yuan, et al., “On discovery of traveling companions from streaming trajectories,” 2012 IEEE 28th International Conference on Data Engineering, Arlington, VA, USA, pp.186–197, 2012.
    Cyberpolice, “Beijing Municipal Public Security Bureau’s special campaign of combating illegal crimes of DDoS attacks,” available at: http://cyberpolice.mps.gov.cn/wfjb/html/gzdt/20191218/4709.shtml, 2019-12-30. (in Chinese)
    CNCERT/CC, “Analysis report on DDoS attack resources in China for Q3 2020,” available at: https://www.cert.org.cn/publish/main/68/2020/20201118124029676949722/20201118124029676949722.html, 2020-11-18. (in Chinese)
  • 加载中


    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索

    Figures(10)  / Tables(1)

    Article Metrics

    Article views (99) PDF downloads(13) Cited by()
    Proportional views


    DownLoad:  Full-Size Img  PowerPoint