Smart crawlers for flash-crowd DDoS: The attacker´s perspective

Flash-crowd DDoS attacks - in which the attacking bots aim to appear indistinguishable from the regular visitors to the victim web-site - have only recently been identified in the literature. While generally seen as the most advanced and most potent type of DDoS, flash crowd attacks are only partially understood, and their practical viability is still very much unclear. To the best of our knowledge, this is the first study that takes the perspective of a potential attacker interested in executing a flash crowd DDoS, and looks at the challenges of designing a botnet that would carry out that execution effectively. The results of our study demonstrate that, through the use of some popular readily available Internet tools, the attacker is likely to succeed in harvesting critical information about any perspective victim site, and thus be in the position to customize his bots (i.e., make them behave very close to how a typical human visitor to the given site would behave). Clearly, better bot customization would imply more powerful and harder-to-defend-against DDoS attacks.