Booter Blacklist Generation Based on Content Characteristics

  • Wang Zhang
  • Xu Bai
  • Chanjuan Chen
  • Zhaolin ChenEmail author
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 268)


Distributed Denial of Service (DDoS) attacks-as-a-service, known as Booter or Stresser, is convenient and low-priced for ordinary people to launch DDoS attacks. It makes DDoS attacks even more rampant. However, until now there is not much research on Booter and little acquaintance with their backend infrastructure, customers, business, etc. In this paper, we present a new method which focuses on the content (text) characteristics on Booters websites and selects more discriminative features between Booter and non-Booter to identify Booters more effectively in the Internet. The experimental results show that the classification accuracy of distinguishing Booter and non-Booter websites is 98.74%. In addition, our method is compared with several representative methods and the results show that the proposed method outperforms the classical methods in 66% of the classification cases on three datasets: Booter websites, 20-Newsgroups and WebKB.


Booter service Feature selection Text classification 



This paper is Supported by National Key Research and Development Program of China under Grant No. 2017YFB0803003 and National Science Foundation for Young Scientists of China (Grant No. 61702507).


  1. 1.
    The 4 universities data set (1998). Accessed 4 June 2018
  2. 2.
    Home page for 20 newsgroups data set (2008). Accessed 4 June 2018
  3. 3.
    Akamai: Third quarter 2016 state of the internet/security report (2016). Accessed 4 July 2018
  4. 4.
    Goodin, D.: US service provider survives the biggest recorded DDoS in history (2018). Accessed 4 July 2018
  5. 5.
    Karami, M., Park, Y., McCoy, D.: Stress testing the booters: understanding and undermining the business of DDoS services. In: Proceedings of the 25th International Conference on World Wide Web, pp. 1033–1043. International World Wide Web Conferences Steering Committee (2016)Google Scholar
  6. 6.
    Krämer, L., et al.: AmpPot: monitoring and defending against amplification DDoS attacks. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 615–636. Springer, Cham (2015). Scholar
  7. 7.
    Krupp, J., Backes, M., Rossow, C.: Identifying the scan and attack infrastructures behind amplification DDoS attacks. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1426–1437. ACM (2016)Google Scholar
  8. 8.
    Krupp, J., Karami, M., Rossow, C., McCoy, D., Backes, M.: Linking amplification DDoS attacks to booter services. In: Dacier, M., Bailey, M., Polychronakis, M., Antonakakis, M. (eds.) RAID 2017. LNCS, vol. 10453, pp. 427–449. Springer, Cham (2017). Scholar
  9. 9.
    Noroozian, A., Korczyński, M., Gañan, C.H., Makita, D., Yoshioka, K., van Eeten, M.: Who gets the boot? Analyzing victimization by DDoS-as-a-Service. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 368–389. Springer, Cham (2016). Scholar
  10. 10.
    Prince, M.: Technical details behind a 400 Gbps NTP amplification DDoS attack (2014). Accessed 4 July 2018
  11. 11.
    Quinlan, J.R.: Induction of decision trees. Mach. Learn. 1(1), 81–106 (1986)Google Scholar
  12. 12.
    Santanna, J.J.: DDoS-as-a-Service: investigating booter websites. Ph.D. thesis. University of Twente, Enschede, The Netherlands (2017).
  13. 13.
    Santanna, J.J.: Booters (black)list and ecosystem analysis (2018). Accessed 4 July 2018
  14. 14.
    Santanna, J.J., et al.: Booters—an analysis of DDoS-as-a-Service attacks. In: 2015 IFIP/IEEE International Symposium on Integrated Network Management, IM, pp. 243–251. IEEE (2015)Google Scholar
  15. 15.
    Santanna, J.J., de Vries, J., de O. Schmidt, R., Tuncer, D., Granville, L.Z., Pras, A.: Booter list generation: the basis for investigating DDoS-for-hire websites. Int. J. Netw. Manag. 28(1), e2008 (2018)CrossRefGoogle Scholar
  16. 16.
    Shang, W., Huang, H., Zhu, H., Lin, Y., Qu, Y., Wang, Z.: A novel feature selection algorithm for text categorization. Expert Syst. Appl. 33(1), 1–5 (2007)CrossRefGoogle Scholar
  17. 17.
    Yan, J., et al.: OCFS: optimal orthogonal centroid feature selection for text categorization. In: Proceedings of the 28th Annual International ACM SIGIR Conference on Research and Development in Information Retrieval, pp. 122–129. ACM (2005)Google Scholar
  18. 18.
    Yang, J., Qu, Z., Liu, Z.: Improved feature-selection method considering the imbalance problem in text categorization. Sci. World J. 2014(3) (2014)Google Scholar
  19. 19.
    Yang, Y., Pedersen, J.O.: A comparative study on feature selection in text categorization. In: ICML, vol. 97, pp. 412–420 (1997)Google Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019

Authors and Affiliations

  • Wang Zhang
    • 1
    • 2
  • Xu Bai
    • 1
    • 2
  • Chanjuan Chen
    • 3
  • Zhaolin Chen
    • 4
    Email author
  1. 1.Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  2. 2.School of Cyber SecurityUniversity of Chinese Academy of SciencesBeijingChina
  3. 3.China National Machinery Industry CorporationBeijingChina
  4. 4.Nanjing University of Aeronautics and AstronauticsNanjingChina

Personalised recommendations