DOI: 10.1145/3646547.3688451
research-article
Open access

The Age of DDoScovery: An Empirical Comparison of Industry and Academic DDoS Assessments

Published: 04 November 2024

Abstract

Motivated by the impressive but diffuse scope of DDoS research and reporting, we undertake a multistakeholder (joint industry-academic) analysis to seek convergence across the best available macroscopic views of the relative trends in two dominant classes of attacks: direct-path attacks and reflection-amplification attacks. We first analyze 24 industry reports to extract trends and (in)consistencies across observations by commercial stakeholders in 2022. We then analyze ten data sets spanning industry and academic sources, across four years (2019-2023), to find and explain discrepancies based on data sources, vantage points, methods, and parameters. Our method includes a new approach: we share an aggregated list of DDoS targets with industry players who return the results of joining this list with their proprietary data sources to reveal gaps in visibility of the academic data sources. We use academic data sources to explore an industry-reported relative drop in spoofed reflection-amplification attacks in 2021-2022. Our study illustrates the value, but also the challenge, in independent validation of security-related properties of Internet infrastructure. Finally, we reflect on opportunities to facilitate greater common understanding of the DDoS landscape. We hope our results inform not only future academic and industry pursuits but also emerging policy efforts to reduce systemic Internet security vulnerabilities.

References

[1]
A10. 2022. 2022 A10 Networks DDoS Threat Report. https://www.a10networks.com/resources/reports/2022-ddos-threat-report/
[2]
Emile Aben. 2016. [atlas] What is `iwantbcp38compliancetesting' user tag? ripe-atlas - RIPE Network Coordination Centre. https://www.ripe.net/ripe/mail/archives/ripe-atlas/2016-January/002581.html
[3]
Paul Aitken, Beno^it Claise, and Brian Trammell. 2013. Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of Flow Information. RFC 7011. https://doi.org/10.17487/RFC7011
[4]
Akamai. 2022. The Relentless Evolution of DDoS Attacks. https://www.akamai.com/blog/security/relentless-evolution-of-ddos-attacks
[5]
Akamai. 2023. DDoS Attacks in 2022: Targeting Everything Online, All at Once. https://www.akamai.com/blog/security/ddos-attacks-in-2022-targeting-everything-online
[6]
Alibaba Cloud. 2021. DDoS Attack Statistics and Trend Report by Alibaba Cloud. https://www.alibabacloud.com/blog/ddos-attack-statistics-and-trend-report-by-alibaba-cloud_597607
[7]
Radu Anghel, Swaathi Vetrivel, Elsa Turcios Rodriguez, Kaichi Sameshima, Daisuke Makita, Katsunari Yoshioka, Carlos H. Ga nán, and Yury Zhauniarovich. 2023. Peering into the Darkness: The Use of UTRS in Combating DDoS Attacks. In European Symposium on Research in Computer Security (ESORICS). Springer-Verlag, Berlin, Heidelberg, 23--41.
[8]
Anti-DDoS-Coalitie. 2023. Dutch National Anti-DDoS-coalition. https://www.nomoreddos.org/en/
[9]
Arelion. 2023. Arelion DDoS Threat Landscape report 2023. https://www2.arelion.com/wp-securityreport2023
[10]
Financial Conduct Authority. 2019. Interpreting the data. Financial Conduct Authority. https://www.fca.org.uk/data/mandated-voluntary-information-current-account-services/interpreting-data
[11]
AWS. 2021. AWS Shield Threat Landscape Review: 2020 Year-in-Review. https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/
[12]
F. Baker and P. Savola. 2004. BCP 84, RFC 3704: Ingress Filtering for Multihomed Networks. https://www.rfc-editor.org/info/bcp84
[13]
Marinho Barcellos, Raphael Hiesgen, Marcin Nawrocki, Daniel Kopp, Oliver Hohlfeld, Echo Chan, Roland Dobbins, Christian Doer, Christian Rossow, Daniel R. Thomas, Mattijs Jonker, Ricky Mok, Xiapu Luo, John Kristoff, Thomas C. Schmidt, Matthias Wählisch, and KC Claffy. 2024. DDoS Industry Reports Repository. https://ddoscovery.github.io/
[14]
S. M. Bellovin. 1989. Security Problems in the TCP/IP Protocol Suite. SIGCOMM Comput. Commun. Rev., Vol. 19, 2 (April 1989), 32--48.
[15]
Agathe Blaise, Mathieu Bouet, Vania Conan, and Stefano Secci. 2020. Detection of zero-day attacks: An unsupervised port-based approach. Computer Networks, Vol. 180 (2020), 107391. https://doi.org/10.1016/j.comnet.2020.107391
[16]
Norbert Blenn, Vincent Ghiëtte, and Christian Doerr. 2017. Quantifying the Spectrum of Denial-of-Service Attacks through Internet Backscatter. In Proc. of the ARES (Reggio Calabria, Italy). ACM, New York, NY, USA, Article 21, 10 pages. https://doi.org/10.1145/3098954.3098985
[17]
Kevin Bock, Abdulrahman Alaraj, Yair Fax, Kyle Hurley, Eric Wustrow, and Dave Levin. 2021. Weaponizing Middleboxes for TCP Reflected Amplification. In Proc. of USENIX Security. USENIX Association, Berkeley, CA, USA, 3345--3361. https://www.usenix.org/conference/usenixsecurity21/presentation/bock
[18]
Brian Krebs. 2023. Feds Take Down 13 More DDoS-for-Hire Services. https://krebsonsecurity.com/2023/05/feds-take-down-13-more-ddos-for-hire-services
[19]
Renée Burton. 2019. Characterizing Certain DNS DDoS Attacks. CoRR, Vol. abs/1905.09958 (2019), 25 pages.showeprint[arXiv]1905.09958 http://arxiv.org/abs/1905.09958
[20]
C. Loibl and S. Hares and R. Raszuk and D. McPherson and M. Bacher. 2020. Dissemination of Flow Specification Rules. https://www.rfc-editor.org/rfc/rfc8955.
[21]
CAIDA. 2012. The UCSD Network Telescope. Website. https://www.caida.org/projects/network_telescope/ Last Access: Nov 2023.
[22]
R K C Chang. 2002. Defending against flooding-based distributed denial-of-service attacks: A tutorial. IEEE Communications Magazine, Vol. 40, 10 (Jan. 2002), 42--51. https://doi.org/10.1109/MCOM.2002.1039856
[23]
Benoît Claise. 2004. Cisco Systems NetFlow Services Export Version 9. RFC 3954. https://doi.org/10.17487/RFC3954
[24]
Richard Clayton, Julia Powles, and Cambridge University Legal. 2016. Cambridge Cybercrime Centre: Legal framework. Cambridge Cybercrime Centre. https://www.cambridgecybercrime.uk/data.html
[25]
Cloudflare. 2022. Cloudflare DDoS threat report 2022 Q3. https://blog.cloudflare.com/cloudflare-ddos-threat-report-2022-q3
[26]
Cloudflare. 2022. Cloudflare DDoS threat report for 2022 Q4. https://blog.cloudflare.com/ddos-threat-report-2022-q4/
[27]
Cloudflare. 2022. DDoS Attack Trends for 2022 Q1. https://blog.cloudflare.com/ddos-attack-trends-for-2022-q1/
[28]
Cloudflare. 2022 d. DDoS Attack Trends for Q2 2022. https://blog.cloudflare.com/ddos-attack-trends-for-2022-q2/
[29]
Cloudflare. 2023. Cloudflare DDoS Trends Report Q1 2023. https://cf-assets.www.cloudflare.com/slt3lc6tev37/4CvITDALVKaap3iwrNOWxI/f9a653dacc12d3635c1a1955b59a7b91/BDES-4486_Q1-2023-DDoS-Trends-Report-Letter.pdf
[30]
Ben Collier, Gemma Flynn, James Stewart, and Daniel Thomas. 2022. Influence government: Exploring practices, ethics, and power in the use of targeted advertising by the UK state. Big Data & Society, Vol. 9, 1 (2022), 1--13. https://doi.org/10.1177/20539517221078756
[31]
Ben Collier, Daniel R. Thomas, Richard Clayton, and Alice Hutchings. 2019. Booting the Booters: Evaluating the Effects of Police Interventions in the Market for Denial-of-Service Attacks. In Proc. of ACM IMC. ACM, New York, NY, USA, 50--64. https://doi.org/10.1145/3355369.3355592
[32]
COMCAST. 2021. Comcast Business DDoS Threat Report 2021. https://i.crn.com/sites/default/files/ckfinderimages/userfiles/images/crn/custom/2022/Comcast_LC_Q2_2022_DDoS_Threat_Report.pdf
[33]
COMCAST. 2023. 2023 Comcast Business Cybersecurity Threat Report. https://business.comcast.com/community/docs/default-source/default-document-library/ccb_threatreport_071723_v2.pdf'sfvrsn=c220ac01_2
[34]
Corero. 2023. 2023 DDoS Threat Intelligence Report. https://www.juniper.net/content/dam/www/assets/analyst-reports/us/en/2023/corero-ddos-threat-intelligence-report.pdf
[35]
Corero. 2023. How Have DDoS Attacks Evolved Over the Last 10 Years? https://www.corero.com/ddos-attack-evolution/
[36]
Corero. 2023. The Shifting Landscape of DDoS Attacks. https://www.corero.com/shifting-landscape/
[37]
Craig Labovitz. 2021. Tracing DDoS End-to-End in 2021. https://www.youtube.com/watch?v=TP3H_GefL-0
[38]
Crowdstrike. 2023. Global Threat Report. https://www.crowdstrike.com/global-threat-report/
[39]
Team Cymru. 2023. Unwanted Traffic Removal Service. https://www.team-cymru.com/ddos-mitigation-services
[40]
Evan Damon, Julian Dale, Evaristo Laron, Jens Mache, Nathan Land, and Richard Weiss. 2012. Hands-on Denial of Service Lab Exercises Using SlowLoris and RUDY. In Proc. of the InfoSecCD. ACM, New York, NY, USA, 21--29. https://doi.org/10.1145/2390317.2390321
[41]
DDoS-Guard. 2023. DDoS Attack Trends in 2022. https://ddos-guard.net/en/blog/ddos-attack-trends-2022
[42]
DDoS-Guard. 2023. DDoS-Guard Analytical Report on DDoS Attacks for 2022. https://ddos-guard.net/info/protect?id=40954
[43]
Anderson Bergamini de Neira, Burak Kantarci, and Michele Nogueira. 2023. Distributed denial of service attack prediction: Challenges, open issues and opportunities. Computer Networks, Vol. 222 (Jan 2023), 1--27. https://www.sciencedirect.com/science/article/pii/S1389128622005874
[44]
Homeland Security Department. 2024. Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements. https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-for-critical-infrastructure-act-circia-reporting-requirements
[45]
Christoph Dietzel and Matthias Wichtlhuber. 2018. Stellar: Network Attack Mitigation using Advanced Blackholing. In Proc. of ACM CoNEXT. ACM, New York, NY, USA, 152--164. https://doi.org/10.1145/3281411.3281413
[46]
Christos Douligeris and Aikaterini Mitrokotsa. 2004. DDoS attacks and defense mechanisms: classification and state-of-the-art. Computer Networks, Vol. 44, 5 (2004), 643--666. https://doi.org/10.1016/j.comnet.2003.10.003
[47]
Ben Du, Cecilia Testart, Romain Fontugne, Gautam Akiwate, Alex C. Snoeren, and kc claffy. 2022. Mind Your MANRS: Measuring the MANRS Ecosystem. In Proc. of ACM IMC (IMC '22). ACM, New York, NY, USA, 716--729. https://doi.org/10.1145/3517745.3561419
[48]
W. Eddy. 2007. TCP SYN Flooding Attacks and Common Mitigations. RFC 4987. IETF. https://doi.org/10.17487/RFC4987
[49]
Elliott Peterson and Cameron Schroeder. 2023. Dismantling DDoS: Lessons in Scaling. https://www.blackhat.com/us-23/briefings/schedule/#dismantling-ddos-lessons-in-scaling-31408
[50]
European Commission. 2022. Reglation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020. https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act
[51]
European Union. 2021. The NIS2 Directive: A high common level of cybersecurity in the EU. https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2021)689333.
[52]
EUROPOL. 2022. Global crackdown against DDoS services shuts down most popular platforms. https://www.europol.europa.eu/media-press/newsroom/news/global-crackdown-against-ddos-services-shuts-down-most-popular-platforms
[53]
F5. 2023. F5 DDoS Attack Trends 2023. https://www.f5.com/labs/articles/threat-intelligence/2023-ddos-attack-trends
[54]
Olufunsho I. Falowo, Murat Ozer, Chengcheng Li, and Jacques Bou Abdo. 2024. Evolving Malware and DDoS Attacks: Decadal Longitudinal Study. IEEE Access, Vol. 12 (Mar 2024), 39221--39237. https://doi.org/10.1109/ACCESS.2024.3376682
[55]
Fastly. 2023. Cyber 5 Threat Insights. https://www.fastly.com/blog/cyber-5-threat-insights
[56]
Fastly. 2023. What Is a DDoS Attack? https://www.fastly.com/learning/what-is-a-ddos-attack
[57]
Anja Feldmann, Oliver Gasser, Franziska Lichtblau, Enric Pujol, Ingmar Poese, Christoph Dietzel, Daniel Wagner, Matthias Wichtlhuber, Juan Tapiador, Narseo Vallina-Rodriguez, Oliver Hohlfeld, and Georgios Smaragdakis. 2020. The Lockdown Effect: Implications of the COVID-19 Pandemic on Internet Traffic. In Proc. of ACM IMC. ACM, New York, NY, USA, 1--18. https://doi.org/10.1145/3419394.3423658
[58]
P. Ferguson and D. Senie. 2000. Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing. RFC 2827. IETF. https://doi.org/10.17487/RFC2827
[59]
FORTINET. 2023. Global Threat Landscape Report. https://global.fortinet.com/lp-en-ap-2023globalthreatlandscape-H1
[60]
Future Market Insights (FMI). 2023. DDoS Protection Market. https://www.futuremarketinsights.com/reports/ddos-protection-market
[61]
Thomas Geras and Thomas Schreck. 2023. Sharing Communities: The Good, the Bad, and the Ugly. In Proc. of the 2023 ACM SIGSAC Conference on Computer and Communications Security (Copenhagen, Denmark,) (CCS '23). Association for Computing Machinery, New York, NY, USA, 2755--2769. https://doi.org/10.1145/3576915.3623144
[62]
Vincent Ghiette and Christian Doerr. 2018. How Media Reports Trigger Copycats: An Analysis of the Brewing of the Largest Packet Storm to Date. In ACM SIGCOMM Workshop on Traffic Measurements for Cybersecurity (WTMC). ACM, New York, NY, USA, 8--13. https://doi.org/10.1145/3229598.3229606
[63]
Vasileios Giotsas, Georgios Smaragdakis, Christoph Dietzel, Philipp Richter, Anja Feldmann, and Arthur Berger. 2017. Inferring BGP Blackholing Activity in the Internet. In Proc. of ACM IMC. ACM, New York, NY, USA, 1--14. https://doi.org/10.1145/3131365.3131379
[64]
L. Gommans, J. Vollbrecht, B. Gommans-de Bruijn, and C. de Laat. 2015. The Service Provider Group framework: A framework for arranging trust and power to facilitate authorization of network services. Future Generation Computer Systems, Vol. 45 (2015), 176--192.
[65]
Harm Griffioen and Christian Doerr. 2020. Quantifying TCP SYN DDoS Resilience: A Longitudinal Study of Internet Services. In IFIP Networking. IEEE, Piscataway, NJ, USA, 217--225.
[66]
Harm Griffioen, Kris Oosthoek, Paul van der Knaap, and Christian Doerr. 2021. Scan, Test, Execute: Adversarial Tactics in Amplification DDoS Attacks. In Proc. of ACM CCS. ACM, New York, NY, USA, 940--954. https://doi.org/10.1145/3460120.3484747
[67]
Yuhei Hayashi, Meiling Chen, and Li Su. 2023. Use Cases for DDoS Open Threat Signaling (DOTS) Telemetry. RFC 9387. https://doi.org/10.17487/RFC9387
[68]
Tiago Heinrich, Rafael R. Obelheiro, and Carlos A. Maziero. 2021. New Kids on the DRDoS Block: Characterizing Multiprotocol and Carpet Bombing Attacks. In Proc. of PAM. Springer International Publishing, Cham, 269--283. https://doi.org/10.1007/978-3-030-72582-2_16
[69]
Raphael Hiesgen, Marcin Nawrocki, Alistair King, Alberto Dainotti, Thomas C. Schmidt, and Matthias Wählisch. 2022. Spoki: Unveiling a New Wave of Scanners through a Reactive Network Telescope. In Proc. of 31st USENIX Security Symposium. USENIX Association, Berkeley, CA, USA, 431--448. https://www.usenix.org/system/files/sec22-hiesgen.pdf
[70]
Raphael Hiesgen, Marcin Nawrocki, Thomas C. Schmidt, and Matthias Wählisch. 2022. The Race to the Vulnerable: Measuring the Log4j Shell Incident. In Proc. of Network Traffic Measurement and Analysis Conference (TMA) (Enschede, Netherlands). IFIP, Laxenburg, MD, Austria, 1--9.
[71]
Nico Hinze, Marcin Nawrocki, Mattijs Jonker, Alberto Dainotti, Thomas C. Schmidt, and Matthias Wählisch. 2018. On the Potential of BGP Flowspec for DDoS Mitigation at Two Sources: ISP and IXP. In Proc. of ACM SIGCOMM. Poster Session. ACM, New York, NY, USA, 57--59. https://doi.org/10.1145/3234200.3234209 2nd price at ACM student research competition.
[72]
Huawei. 2023. Global DDoS Attack Status and Trend Analysis in 2022. https://e.huawei.com/en/material/networking/security/0c561b8fd2d342999cd402bcecf6d452
[73]
Imperva. 2023. The Imperva Global DDoS Threat Landscape Report 2023. https://www.imperva.com/resources/resource-library/reports/ddos-threat-landscape-report-2023/
[74]
International Telecommunications Union (ITU). 2003. X.805: Security architecture for systems providing end-to-end communications. https://www.itu.int/rec/T-REC-X.805-200310-I/en
[75]
John Kristoff. 2015. An Internet-wide BGP RTBH service.
[76]
Mattijs Jonker, Alistair King, Johannes Krupp, Christian Rossow, Anna Sperotto, and Alberto Dainotti. 2017. Millions of Targets under Attack: A Macroscopic Characterization of the DoS Ecosystem. In Proc. of ACM IMC. ACM, New York, NY, USA, 100--113. https://doi.org/10.1145/3131365.3131383
[77]
Mattijs Jonker, Aiko Pras, Alberto Dainotti, and Anna Sperotto. 2018. A First Joint Look at DoS Attacks and BGP Blackholing in the Wild. In Proc. of ACM IMC. ACM, New York, NY, USA, 457--463. https://doi.org/10.1145/3278532.3278571
[78]
Mattijs Jonker, Anna Sperotto, Roland van Rijswijk-Deij, Ramin Sadre, and Aiko Pras. 2016. Measuring the Adoption of DDoS Protection Services. In Proc. of ACM IMC. ACM, New York, NY, USA, 279--285. https://doi.org/10.1145/2987443.2987487
[79]
Kaspersky. 2022. Kapersky DDoS Attacks in Q2 2022. https://securelist.com/ddos-attacks-in-q2-2022/107025/
[80]
Kaspersky. 2022. Kapersky DDoS Attacks in Q3 2022. https://securelist.com/ddos-report-q3-2022/107860/
[81]
Kaspersky. 2022. Kaspersky DDoS Report in Q1 2022. https://securelist.com/ddos-attacks-in-q1-2022/106358/
[82]
Daniel Kopp, Christoph Dietzel, and Oliver Hohlfeld. 2021. DDoS Never Dies? An IXP Perspective on DDoS Amplification Attacks. In Proc. of PAM. Springer International Publishing, Cham, 284--301. https://doi.org/10.1007/978-3-030-72582-2_17
[83]
Daniel Kopp, Matthias Wichtlhuber, Ingmar Poese, Jair Santanna, Oliver Hohlfeld, and Christoph Dietzel. 2019. DDoS Hide & Seek: On the Effectiveness of a Booter Services Takedown. In Proc. of ACM IMC. ACM, New York, NY, USA, 65--72. https://doi.org/10.1145/3355369.3355590
[84]
Lukas Krämer, Johannes Krupp, Daisuke Makita, Tomomi Nishizoe, Takashi Koide, Katsunari Yoshioka, and Christian Rossow. 2015. AmpPot: Monitoring and Defending Amplification DDoS Attacks. In Proc. of RAID. Springer Verlag, Berlin, Heidelberg, N.Y., 615--636. https://doi.org/10.1007/978-3-319-26362-5_28
[85]
John Kristoff. 2022. The DDoS Threat Landscape Report (NANOG 86). https://storage.googleapis.com/site-media-prod/meetings/NANOG86/4488/20221017_Kristoff_The_2022H1_Ddos_v1.pdf
[86]
Johannes Krupp, Michael Backes, and Christian Rossow. 2016. Identifying the Scan and Attack Infrastructures Behind Amplification DDoS Attacks. In Proc. of the ACM SIGSAC CCS (Vienna, Austria) (CCS '16). ACM, New York, NY, USA, 1426--1437. https://doi.org/10.1145/2976749.2978293
[87]
Johannes Krupp, Mohammad Karami, Christian Rossow, Damon McCoy, and Michael Backes. 2017. Linking Amplification DDoS Attacks to Booter Services. In Proc. of the RAID, Marc Dacier, Michael Bailey, Michalis Polychronakis, and Manos Antonakakis (Eds.). Springer International Publishing, Cham, 427--449.
[88]
Johannes Krupp and Christian Rossow. 2021. BGPeek-a-Boo: Active BGP-based Traceback for Amplification DDoS Attacks. In Proc. of IEEE Euro Security & Privacy. IEEE, Piscataway, NJ, USA, 423--439. https://doi.org/10.1109/EuroSP51992.2021.00036
[89]
Mirjam Kühne and John Kristoff. 2014. NTP Reflections. https://labs.ripe.net/author/mirjam/ntp-reflections/
[90]
Marc Kührer, Thomas Hupperich, Christian Rossow, and Thorsten Holz. 2014. Exit from Hell? Reducing the Impact of Amplification DDoS Attacks. In Proc. of USENIX Security. USENIX Association, Berkeley, CA, USA, 111--125. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/kuhrer
[91]
Marc Kührer, Thomas Hupperich, Christian Rossow, and Thorsten Holz. 2014. Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks. In Proc. of the USENIX WOOT (San Diego, CA) (WOOT'14). USENIX Association, Berkeley, CA, USA, 4.
[92]
Warren "Ace" Kumari and Danny R. McPherson. 2009. Remote Triggered Black Hole Filtering with Unicast Reverse Path Forwarding (uRPF). RFC 5635. https://doi.org/10.17487/RFC5635
[93]
Black Lotus Labs. 2021. Tracking UDP Reflectors for a Safer Internet. https://blog.lumen.com/tracking-udp-reflectors-for-a-safer-internet/
[94]
Alexander Lex, Nils Gehlenborg, Hendrik Strobelt, Romain Vuillemot, and Hanspeter Pfister. 2014. UpSet: Visualization of Intersecting Sets. IEEE Transactions on Visualization and Computer Graphics, Vol. 20, 12 (2014), 1983--1992. https://doi.org/10.1109/TVCG.2014.2346248
[95]
LINK11. 2023. LINK11 DDOS-REPORT 2022. https://www.link11.com/en/download/ddos-report-2022/#download-detail-form
[96]
Matthew Luckie, Robert Beverly, Ryan Koga, Ken Keys, Joshua A Kroll, and K Claffy. 2019. Network Hygiene, Incentives, and Regulation: Deployment of Source Address Validation in the Internet. In ACM SIGSAC Conference on Computer and Communications Security (ACM CCS). ACM, New York, NY, USA, 465--480. https://doi.org/10.1145/3319535.3354232
[97]
Matthew Luckie, Ken Keys, Ryan Koga, Rob Beverly, and kc claffy. 2016. Spoofer Source Address Validation Measurement System. http://spoofer.caida.org
[98]
Lumen. 2022. Lumen Quarterly DDoS Report Q3 2022. https://assets.lumen.com/is/content/Lumen/lumen-quarterly-ddos-report-q3--2022?Creativeid=6f6d4450-a936-4f14-9121-6a7b8f292392
[99]
Lumen. 2022. Lumen Quarterly DDoS Report Q4 2022. https://blog.lumen.com/q4--2022-lumen-ddos-quarterly-report/
[100]
M3AAWG. 2017. M3AAWG Initial Recommendations: Arming Businesses Against DDoS Attacks. http://www.m3aawg.org/DDoS-Recommendations-Business.
[101]
M3AAWG. 2023. Scholl Receives 2023 M3AAWG J.D. Falk Award for IP Spoofing Mitigation. https://www.m3aawg.org/blog/2023JDFalkAward-TomScholl.
[102]
Mousa Taghizadeh Manavi. 2018. Defense mechanisms against Distributed Denial of Service attacks: A survey. Computers & Electrical Engineering, Vol. 72 (2018), 26--38. https://doi.org/10.1016/j.compeleceng.2018.09.001
[103]
Inc. Merit Network. 2024. ORION Network Telescope: Observatory for cyber-Risk Insights and Outages of Networks. Website. https://www.merit.edu/initiatives/orion-network-telescope/ Last Access: Nov 2023.
[104]
Jorge Merlino, Mohammed Asiri, and Neetesh Saxena. 2022. DDoS Cyber-Incident Detection in Smart Grids. Sustainability, Vol. 14 (02 2022), 2730. http://dx.doi.org/10.3390/su14052730
[105]
Jelena Mirkovic and Peter Reiher. 2004. A taxonomy of DDoS attack and DDoS defense mechanisms. ACM Sigcomm Computer Communication Review, Vol. 34, 2 (April 2004), 39--53. https://doi.org/10.1145/997150.997156
[106]
Asier Moneva and Rutger Leukfeldt. 2023. The effect of online ad campaigns on DDoS-attacks: A cross-national difference-in-differences quasi-experiment. Criminology & Public Policy, Vol. 22, 4 (2023), 869--894. https://doi.org/10.1111/1745--9133.12649
[107]
D Moore, C Shannon, D Brown, G Voelker, and S Savage. 2006. Inferring Internet Denial-of-Service Activity. ACM Transactions on Computer Systems, Vol. 24, 2 (May 2006), 115--139. https://doi.org/10.1145/1132026.1132027
[108]
Mortensen et al. 2007. DDoS Open Threat Signaling (DOTS) requirements. RFC 8612. IETF. https://doi.org/10.17487/RFC4987
[109]
Giovane C.M. Moura, Ricardo de O. Schmidt, John Heidemann, Wouter B. de Vries, Moritz Muller, Lan Wei, and Cristian Hesselman. 2016. Anycast vs. DDoS: Evaluating the November 2015 Root DNS Event. In Proc. of ACM IMC. ACM, New York, NY, USA, 255--270. https://doi.org/10.1145/2987443.2987446
[110]
Giovane C. M. Moura, Sebastian Castro, John Heidemann, and Wes Hardaker. 2021. TsuNAME: Exploiting Misconfiguration and Vulnerability to DDoS DNS. In Proc. of ACM IMC (Virtual Event) (IMC '21). ACM, New York, NY, USA, 398--418. https://doi.org/10.1145/3487552.3487824
[111]
Giovane C. M. Moura, John Heidemann, Moritz Müller, Ricardo de O. Schmidt, and Marco Davids. 2018. When the Dike Breaks: Dissecting DNS Defenses During DDoS. In Proc. of ACM IMC (Boston, MA, USA). ACM, New York, NY, USA, 8--21. https://doi.org/10.1145/3278532.3278534
[112]
Giovane C. M. Moura, Cristian Hesselman, Gerald Schaapman, Nick Boerman, and Octavia de Weerdt. 2020. Into the DDoS maelstrom: A longitudinal study of a scrubbing service. In 5th International Workshop on Traffic Measurements for Cybersecurity (WTMC 2020). IEEE, Piscataway, NJ, USA, 550--558. https://doi.org/10.1109/EuroSPW51379.2020.00081
[113]
Marcin Nawrocki, Jeremias Blendin, Christoph Dietzel, Thomas C Schmidt, and Matthias Wählisch. 2019. Down the Black Hole: Dismantling Operational Practices of BGP Blackholing at IXPs. In Proc. of ACM IMC. ACM, New York, NY, USA, 435--448. https://doi.org/10.1145/3355369.3355593
[114]
Marcin Nawrocki, Raphael Hiesgen, Thomas C. Schmidt, and Matthias Wählisch. 2021. QUICsand: Quantifying QUIC Reconnaissance Scans and DoS Flooding Events. In Proc. of ACM IMC. ACM, New York, NY, USA, 283--291. https://doi.org/10.1145/3487552.3487840
[115]
Marcin Nawrocki, Mattijs Jonker, Thomas C. Schmidt, and Matthias Wählisch. 2021. The Far Side of DNS Amplification: Tracing the DDoS Attack Ecosystem from the Internet Core. In Proc. of ACM IMC. ACM, New York, NY, USA, 419--434. https://doi.org/10.1145/3487552.3487835
[116]
Marcin Nawrocki, Maynard Koch, Thomas C. Schmidt, and Matthias Wählisch. 2021. Transparent Forwarders: An Unnoticed Component of the Open DNS Infrastructure. In Proc. of ACM CoNEXT. ACM, New York, NY, USA, 454--462. https://doi.org/10.1145/3485983.3494872 Continued data collection: https://odns.secnow.net/data.
[117]
Marcin Nawrocki, John Kristoff, Chris Kanich, Raphael Hiesgen, Thomas C. Schmidt, and Matthias Wählisch. 2023. SoK: A Data-driven View on Methods to Detect Reflective Amplification DDoS Attacks Using Honeypots. In Proc. of IEEE Euro Security & Privacy (Delft, Netherlands). IEEE, Piscataway, NJ, USA, 576--591. https://doi.org/10.1109/EuroSP57164.2023.00041
[118]
Marcin Nawrocki, Pouyan Fotouhi Tehrani, Raphael Hiesgen, Jonas Mücke, Thomas C. Schmidt, and Matthias Wählisch. 2022. On the Interplay between TLS Certificates and QUIC Performance. In Proc. of ACM CoNEXT. ACM, New York, NY, USA, 204--213. https://dl.acm.org/doi/10.1145/3555050.3569123
[119]
NBIP. 2023. DDoS Attack Figures from the First Quarter 2023. https://www.nbip.nl/wp-content/uploads/2023/04/NBIP%20-%20Infographic%20-%20DDoS%20data%20-%202023%20Q1.pdf
[120]
NBIP. 2023. DDoS Attack Figures from the Fourth Quarter 2022. https://www.nbip.nl/wp-content/uploads/2023/01/NBIP%20-%20Infographic%20-%20DDoS%20data%20-%20Q4%202022%20%5BEN%5D.pdf
[121]
NBIP. 2023. DDoS Attack Figures from the Second Quarter 2023. https://www.nbip.nl/wp-content/uploads/2023/07/NBIP-Infographic-DDoS-data-Q2-2023-EN.pdf
[122]
Netscout. 2021. NETSCOUT Threat Intelligence Report 2H 2021. https://www.netscout.com/sites/default/files/2022-03/ThreatReport_2H2021_WEB.pdf
[123]
Netscout. 2022. TP240PhoneHome Reflection/Amplification DDoS Attack Vector. https://www.netscout.com/blog/asert/tp240phonehome-reflectionamplification-ddos-attack-vector
[124]
Netscout. 2023. 5th Anniversary DDoS Threat Intelligence Report: Unveiling the New Threat Landscape. https://www.netscout.com/threatreport/wp-content/uploads/2023/04/Threat-Report-2H2022.pdf
[125]
Netscout. 2023. NETSCOUT DDoS Attack Vectors and Methodology. https://www.netscout.com/resources/threat-report/threat-intelligence-report-ddos-attack-vectors-and-methodology
[126]
Netscout. 2023. Service Location Protocol (SLP) Reflection/Amplification Attack Mitigation Recommendations. https://www.netscout.com/blog/asert/slp-reflectionamplification-ddos-attack-vector
[127]
Netscout. 2023. Unveiling the New Threat Landscape. https://www.netscout.com/threatreport/ddos-threat-intelligence-report/
[128]
NETSCOUT. 2023. Unveiling the New Threat Landscape. https://web.archive.org/web/20230413213001/https://www.netscout.com/threatreport/ddos-threat-intelligence-report/#global-defense
[129]
NEXUSGUARD. 2023. DDoS Statistical Report for 1HY 2023. https://www.nexusguard.com/threat-report/ddos-statistical-report-for-1hy-2023
[130]
NEXUSGUARD. 2023. DDoS Statistical Report for 2022. https://blog.nexusguard.com/threat-report/ddos-statistical-report-for-2022
[131]
Nimrod Levy and John Schiel and John A Schiel. 2017. Bi-lateral Security Management Framework (aka DDoS peering). https://pc.nanog.org/static/published/meetings/NANOG71/1447/20171003_Levy_Operationalizing_Isp_v2.pdf.
[132]
Nokia. 2022. Nokia Deepfield Network Intelligence Report DDoS in 2021. https://onestore.nokia.com/asset/211059?_ga=2.234339031.813264975.1691960553-1225881009.1691960553
[133]
Nokia. 2022. The Changing DDoS Threat Landscape. https://www.nokia.com/networks/security/ddos-security/the-changing-ddos-threat-landscape/
[134]
Nokia. 2023. Nokia Threat Intelligence Report 2023. https://www.nokia.com/networks/security-portfolio/threat-intelligence-report/
[135]
Arman Noroozian, Maciej Korczy'nski, Carlos Hernandez Ga nan, Daisuke Makita, Katsunari Yoshioka, and Michel Van Eeten. 2016. Who Gets the Boot? Analyzing Victimization by DDoS-as-a-Service. In Proc. of RAID. Springer Verlag, Berlin, Heidelberg, N.Y., 368--389. https://doi.org/10.1007/978-3-319-45719-2_17
[136]
NSFOCUS. 2023. 2022 Global DDoS Attack Landscape Report. https://nsfocusglobal.com/company-overview/resources/2022-global-ddos-attack-landscape-report/
[137]
Riyadh Rahef Nuiaa, Selvakumar Manickam, Ali Hakem Alsaeedi, and Esraa Saleh Alomari. 2022. Enhancing the Performance of Detect DRDoS DNS Attacks Based on the Machine Learning and Proactive Feature Selection (PFS) Model. IAENG International Journal of Computer Science, Vol. 49, 2 (2022), 14 pages.
[138]
Central District of California. 2023. SEIZURE WARRANT BY TELEPHONE OR OTHER RELIABLE ELECTRONIC MEANS. United States District Court. https://krebsonsecurity.com/wp-content/uploads/2023/05/Booter-seizure-warrant-Tucows.pdf
[139]
Ofcom. 2003. General statement of policy under section 105Y of the Communications Act 2003., 43 pages. https://www.ofcom.org.uk/__data/assets/pdf_file/0030/253677/General-statement-of-policy-under-section-105Y-of-the-Communications-Act-2003.pdf
[140]
Eric Osterweil, Pouyan Fotouhi Tehrani, Thomas C. Schmidt, and Matthias Wählisch. 2022. From the Beginning: Key Transitions in the First 15 Years of DNSSEC. Transactions on Network and Service Management (TNSM), Vol. 19, 4 (December 2022), 5265--5283. https://doi.org/10.1109/TNSM.2022.3195406
[141]
Palo Alto. 2023. Unit 42 INCIDENT RESPONSE REPORT 2022. https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/2022-unit42-incident-response-report-final.pdf
[142]
Ruoming Pang, Vinod Yegneswaran, Paul Barford, Vern Paxson, and Larry Peterson. 2004. Characteristics of Internet Background Radiation. In Proc. of the 4th ACM SIGCOMM conference on Internet measurement (Taormina, Sicily, Italy). ACM, New York, NY, USA, 27--40. http://doi.acm.org/10.1145/1028788.1028794
[143]
Vern Paxson. 2001. An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks. ACM Sigcomm Computer Communication Review, Vol. 31, 3 (2001), 38--47. https://doi.org/10.1145/505659.505664
[144]
Niels Provos and Thorsten Holz. 2008. Virtual Honeypots. From Botnet Tracking to Intrusion Detection 2nd ed.). Addison-Wesley, Upper Saddle River, NJ.
[145]
Qrator. 2022. Q1 2022 DDoS Attacks and BGP Incidents. https://blog.qrator.net/en/q1--2022-ddos-attacks-and-bgp-incidents_155/
[146]
Qrator. 2022. Q2 2022 DDoS attacks and BGP incidents. https://qratorlabs.medium.com/q2-2022-ddos-attacks-and-bgp-incidents-efe7e5c1395a
[147]
Qrator. 2022. Q3 2022 DDoS attacks and BGP incidents. https://blog.qrator.net/en/q3--2022-ddos-attacks-and-bgp-incidents_158/
[148]
Qrator. 2023. Q4 2022 DDoS Attacks and BGP Incidents. https://blog.qrator.net/en/q4--2022-ddos-attacks-and-bgp-incidents-report_163/
[149]
Radware. 2023. Radware Global Threat Analysis Report 2022. https://www.radware.com/2022-2023-global-threat-analysis-report/
[150]
Raju Rajan, Jim Boyle, Arun Sastry, Ron Cohen, David Durham, and Shai Herzog. 2000. The COPS (Common Open Policy Service) Protocol. RFC 2748. https://doi.org/10.17487/RFC2748
[151]
Research and Markets. 2023. Global DDoS Protection & Mitigation Security Market Report to 2027: Players Include CloudFlare, Corero, DDoS-Guard, Fastly and Fortinet. Website. https://www.prnewswire.com/news-releases/global-ddos-protection-mitigation-security-market-report-to-2027-players-include-cloudflare-corero-ddos-guard-fastly-and-fortinet-301752182.html
[152]
Rich Compton, Thomas Bowlby, Taylor Harris, and Pratik Lotia. 2019. eBGP Flowspec Peering for DDoS Mitigation. https://pc.nanog.org/static/published/meetings/NANOG75/1887/20190219_Compton_Ebgp_Flowspec_Peering_v1.pdf
[153]
RioRey. 2015. RioRey Taxonomy DDoS V2.9. https://static1.squarespace.com/static/5548bab5e4b08ecb6652391c/t/5d8d0538f8cc9e3295187a76/1569523017682/RioRey_Taxonomy_DDoS_V2.9.pdf
[154]
A S M Rizvi, Leandro Bertholdo, João Ceron, and John Heidemann. 2022. Anycast Agility: Network Playbooks to Fight DDoS. In Proc. of USENIX Security. USENIX Association, Boston, MA, 4201--4218. https://www.usenix.org/conference/usenixsecurity22/presentation/rizvi
[155]
Christian Rossow. 2014. Amplification Hell: Revisiting Network Protocols for DDoS Abuse. In Proc. of NDSS. Internet Society, Reston, VA, USA, 15 pages. https://doi.org/10.14722/ndss.2014.23233
[156]
Fabrice J. Ryba, Matthew Orlinski, Matthias Wählisch, Christian Rossow, and Thomas C. Schmidt. 2015. Amplification and DRDoS Attack Defense - A Survey and New Perspectives. Technical Report arXiv:1505.07892. Open Archive: arXiv.org. http://arxiv.org/abs/1505.07892
[157]
Ravjot Singh Samra and Marinho Barcellos. 2023. DDoS2Vec: Flow-level characterisation of volumetric DDoS attacks at scale. Proc. ACM Netw., Vol. 2, CoNEXT (Dec. 2023), 25 pages.
[158]
Matthew Sargent, John Kristoff, Vern Paxson, and Mark Allman. 2017. On the Potential Abuse of IGMP. ACM Sigcomm Computer Communication Review, Vol. 47, 1 (Jan. 2017), 27--35. https://doi.org/10.1145/3041027.3041031
[159]
Kyle Schomp, Onkar Bhardwaj, Eymen Kurdoglu, Mashooq Muhaimen, and Ramesh K. Sitaraman. 2020. Akamai DNS: Providing Authoritative Answers to the World's Queries. In Proc. of ACM SIGCOMM. ACM, New York, NY, USA, 465--478. https://doi.org/10.1145/3387514.3405881
[160]
ShadowServer. 2023. DDoS | The Shadowserver Foundation. https://www.shadowserver.org/topics/ddos/
[161]
ShadowServer. 2023. The Shadowserver Foundation: Network Reporting. https://www.shadowserver.org/what-we-do/network-reporting/
[162]
Shane Alcock and Alistair King. 2010. Corsaro Version 3, flow analysis tools. https://github.com/CAIDA/corsaro3/.
[163]
Stephen M. Specht and Ruby B. Lee. 2004. Distributed Denial of Service: Taxonomies of Attacks, Tools, and Countermeasures. In Proc. of the PADS. ISCA, Winona, MN, USA, 543--550.
[164]
Splunk. 2023. Denial-of-Service Attacks: History, Techniques & Prevention. https://www.splunk.com/en_us/blog/learn/dos-denial-of-service-attacks.html
[165]
K. Sriram, D. Montgomery, and J. Haas. 2020. BCP 84, RFC 8704: Enhanced Feasible-Path Unicast Reverse Path Forwarding. https://www.rfc-editor.org/info/bcp84
[166]
Microsoft Azure Network Security Team. 2023. 2022 in Review: DDoS Attack Trends and Insights. https://www.microsoft.com/en-us/security/blog/2023/02/21/2022-in-review-ddos-attack-trends-and-insights/
[167]
Daniel R Thomas, Richard Clayton, and Alastair R Beresford. 2017. 1000 days of UDP amplification DDoS attacks. In 2017 APWG Symposium on Electronic Crime Research (eCrime). IEEE, Piscataway, NJ, USA, 79--84. https://doi.org/10.1109/ECRIME.2017.7945057
[168]
Daniel R. Thomas, Sergio Pastrana, Alice Hutchings, Richard Clayton, and Alastair R. Beresford. 2017. Ethical issues in research using datasets of illicit origin. In Proc. of ACM IMC (London, UK). ACM, New York, NY, USA, 445--462. https://doi.org/10.1145/3131365.3131389
[169]
Tony Miu Tung, Chenxu Wang, and Jinhe Wang. 2018. Understanding the Behaviors of BGP-based DDoS Protection Services. In Proc. of NSS. Springer International Publishing, Cham, 463--473.
[170]
U.K. Office of Communications (OFCOM). 2023. Automatic compensation: What you need to know. OFCOM. https://www.ofcom.org.uk/phones-telecoms-and-internet/advice-for-consumers/costs-and-billing/automatic-compensation-need-know
[171]
US Attorney's Office. 2023. Federal Authorities Seize 13 Internet Domains Associated with 'Booter' Websites that Offered DDoS Computer Attack Services. https://www.justice.gov/usao-cdca/pr/federal-authorities-seize-13-internet-domains-associated-booter-websites-offered-ddos
[172]
U.S. Federal Communication Commission. 2018. Restoring Internet Freedom. 33 FCC Rcd 311 (1).
[173]
U.S. Federal Communication Commission. 2022. Broadband Consumer Labels. https://www.fcc.gov/broadbandlabels.
[174]
T. van den Hout, C. Hesselman, R. Poortinga, R. Yazdani, M. Jonker, C. Papachristos, P. De Lutiis, M. Baltatu, and B. Rodrigues. 2022. DDoS Clearing House Cookbook, CONCORDIA Deliverable D3.6. CONCORDIA. https://ddosclearinghouse.eu/cookbook Accessed on 15 July 2023.
[175]
Olivier van der Toorn, Johannes Krupp, Mattijs Jonker, Roland van Rijswijk-Deij, Christian Rossow, and Anna Sperotto. 2021. ANYway: Measuring the Amplification DDoS Potential of Domains. In Proc. of the CNSM. IEEE, Piscataway, NJ, USA, 500--508. https://doi.org/10.23919/CNSM52442.2021.9615596
[176]
Daniel Wagner, Daniel Kopp, Matthias Wichtlhuber, Christoph Dietzel, Oliver Hohlfeld, Georgios Smaragdakis, and Anja Feldmann. 2021. United We Stand: Collaborative Detection and Mitigation of Amplification DDoS Attacks at Scale. In Proc. of ACM CCS. ACM, New York, NY, USA, 970--987. https://doi.org/10.1145/3460120.3485385
[177]
Matthias Wichtlhuber, Eric Strehle, Daniel Kopp, Lars Prepens, Stefan Stegmueller, Alina Rubina, Christoph Dietzel, and Oliver Hohlfeld. 2022. IXP Scrubber: Learning from Blackholing Traffic for ML-Driven DDoS Detection at Scale. In SIGCOMM. ACM, New York, NY, USA, 16 pages. https://doi.org/10.1145/3544216.3544268
[178]
E. Wustrow, M. Karir, M. Bailey, F. Jahanian, and G. Huston. 2010. Internet Background Radiation Revisited. In Proc. of ACM IMC (Melbourne, Australia). ACM, NY, USA, 62--74. https://doi.org/10.1145/1879141.1879149
[179]
Zayo. 2022. A Look at Recent DDoS Attacks and the Cyberattack Landscape in 2022 So Far. https://www.zayo.com/resources/ddos-attack-trends/
[180]
Zayo. 2023. Protecting Your Business From Cyber Attacks: The State of DDoS Attacks DDoS (Insights From Q1 & Q2, 2023). https://go.zayo.com/zayo-ddos-protection-ebook/

Published In

IMC '24: Proceedings of the 2024 ACM on Internet Measurement Conference
November 2024
812 pages
ISBN:9798400705922
DOI:10.1145/3646547
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 November 2024

Author Tags

  1. ddos
  2. direct-path attacks
  3. reflection-amplification attacks

Qualifiers

  • Research-article

Conference

IMC '24
IMC '24: ACM Internet Measurement Conference
November 4 - 6, 2024
Madrid, Spain

Acceptance Rates

Overall Acceptance Rate 277 of 1,083 submissions, 26%
