Return to search

Detecting a Distributed Denial-of-Service Attack Using Speed Test Data: A Case Study on an Attack with Nationwide Impact

This thesis presents a case study that investigates a large Distributed Denial of Service (DDoS) attack and how it affected speed tests observed by the crowd-based speed test application Bredbandskollen.  Furthermore, the thesis also investigates the possibility of using crowd-based speed tests as a method to detect a DDoS attack. This method has very low overhead which makes it an interesting complement to other methods. This thesis also shows that there was a significant deviation in the number of measurements during the DDoS attack considered in the case study compared to the year average. Furthermore, the measurements of the peak day of the attack had a higher average download speed than the year average. Whereas the higher download speed observation at first may appear non-intuitive, we briefly discuss potential explanations and how such positive anomalies could potentially be used to detect attacks. Detecting DDoS attacks early can lead to earlier recognition of network problems which can aid Internet Service Providers (ISPs) in maintaining the availability of their networks.

Identiferoai:union.ndltd.org:UPSALLA1/oai:DiVA.org:liu-120611
Date January 2015
CreatorsAndersson, Karl, Odlander, Marcus
PublisherLinköpings universitet, Institutionen för datavetenskap, Linköpings universitet, Tekniska fakulteten, Linköpings universitet, Institutionen för datavetenskap, Linköpings universitet, Tekniska fakulteten
Source SetsDiVA Archive at Upsalla University
LanguageEnglish
Detected LanguageEnglish
TypeStudent thesis, info:eu-repo/semantics/bachelorThesis, text
Formatapplication/pdf
Rightsinfo:eu-repo/semantics/openAccess

Page generated in 0.0652 seconds