skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Millions of targets under attack: a macroscopic characterization of the DoS ecosystem

Journal Article ·
 [1];  [2];  [3];  [3];  [1];  [2]
  1. University of Twente
  2. CAIDA, UC San Diego
  3. Saarland University
+ Show Author Affiliations

Denial-of-Service attacks have rapidly increased in terms of frequency and intensity, steadily becoming one of the biggest threats to Internet stability and reliability. However, a rigorous comprehensive characterization of this phenomenon, and of countermeasures to mitigate the associated risks, faces many infrastructure and analytic challenges. We make progress toward this goal, by introducing and applying a new framework to enable a macroscopic characterization of attacks, attack targets, and DDoS Protection Services (DPSs). Our analysis leverages data from four independent global Internet measurement infrastructures over the last two years: backscatter traffic to a large network telescope; logs from amplification honeypots; a DNS measurement platform covering 60% of the current namespace; and a DNS-based data set focusing on DPS adoption. Our results reveal the massive scale of the DoS problem, including an eye-opening statistic that one-third of all / 24 networks recently estimated to be active on the Internet have suffered at least one DoS attack over the last two years. We also discovered that often targets are simultaneously hit by different types of attacks. In our data, Web servers were the most prominent attack target; an average of 3% of the Web sites in .com, .net, and .org were involved with attacks, daily. Finally, we shed light on factors influencing migration to a DPS.

Research Organization:
Lawrence Berkeley National Laboratory (LBNL), Berkeley, CA (United States). National Energy Research Scientific Computing Center (NERSC)
Sponsoring Organization:
USDOE
OSTI ID:
1544355
Country of Publication:
United States
Language:
English

References (15)

Booters — An analysis of DDoS-as-a-service attacks conference May 2015
Anycast vs. DDoS: Evaluating the November 2015 Root DNS Event conference January 2016
Measuring the Adoption of DDoS Protection Services conference January 2016
AmpPot: Monitoring and Defending Against Amplification DDoS Attacks book January 2015
Capturing ghosts: predicting the used IPv4 space by inferring unobserved addresses conference January 2014
Beyond Counting: New Perspectives on the Active IPv4 Address Space conference January 2016
Taming the 800 Pound Gorilla: The Rise and Decline of NTP DDoS Attacks conference January 2014
On the Potential Abuse of IGMP journal January 2017
DNSSEC and its potential for DDoS attacks: a comprehensive measurement study conference January 2014
The Akamai network: a platform for high-performance internet applications journal August 2010
Inferring Internet denial-of-service activity journal May 2006
A High-Performance, Scalable Infrastructure for Large-Scale Active DNS Measurements journal June 2016
Lost in Space: Improving Inference of IPv4 Address Space Utilization journal June 2016
Delving into Internet DDoS Attacks by Botnets: Characterization and Analysis conference June 2015
Who Gets the Boot? Analyzing Victimization by DDoS-as-a-Service book January 2016

Similar Records

Related Subjects