The age of DDoScovery : an empirical comparison of industry and academic DDoS assessments

Hiesgen, Raphael and Nawrocki, Marcin and Barcellos, Marinho and Kopp, Daniel and Hohlfeld, Oliver and Chan, Echo and Dobbins, Roland and Doerr, Christian and Thomas, Daniel R. and Rossow, Christian and Jonker, Mattijs and Mok, Ricky and Luo, Xiapu and Kristoff, John and Schmidt, Thomas C. and Wählisch, Matthias and claffy, kc; (2024) The age of DDoScovery : an empirical comparison of industry and academic DDoS assessments. In: Proceedings of the 2024 ACM Internet Measurement Conference (IMC ’24). ACM, ESP, pp. 259-279. ISBN 979-8-4007-0592-2/24/11 (https://doi.org/10.1145/3646547.3688451)

[thumbnail of Hiesgen-etal-The-Age-of-DDoScovery-An-Empirical-Comparison-of-Industry-and-Academic-DDoS-Assessments] Text. Filename: Hiesgen-etal-The-Age-of-DDoScovery-An-Empirical-Comparison-of-Industry-and-Academic-DDoS-Assessments.pdf
Final Published Version
Restricted to Repository staff only until 1 January 2099.
License: Creative Commons Attribution 4.0 logo
Download (1MB) | Request a copy

Abstract

Motivated by the impressive but diffuse scope of DDoS research and reporting, we undertake a multistakeholder (joint industry-academic) analysis to seek convergence across the best available macroscopic views of the relative trends in two dominant classes of attacks – direct-path attacks and reflection-amplification attacks. We first analyze 24 industry reports to extract trends and (in)consistencies across observations by commercial stakeholders in 2022. We then analyze ten data sets spanning industry and academic sources, across four years (2019-2023), to find and explain discrepancies based on data sources, vantage points, methods, and parameters. Our method includes a new approach: we share an aggregated list of DDoS targets with industry players who return the results of joining this list with their proprietary data sources to reveal gaps in visibility of the academic data sources. We use academic data sources to explore an industry-reported relative drop in spoofed reflection-amplification attacks in 2021-2022. Our study illustrates the value, but also the challenge, in independent validation of security-related properties of Internet infrastructure. Finally, we reflect on opportunities to facilitate greater common understanding of the DDoS landscape. We hope our results inform not only future academic and industry pursuits but also emerging policy efforts to reduce systemic Internet security vulnerabilities.

ORCID iDs

Hiesgen, Raphael, Nawrocki, Marcin, Barcellos, Marinho, Kopp, Daniel, Hohlfeld, Oliver, Chan, Echo, Dobbins, Roland, Doerr, Christian, Thomas, Daniel R. ORCID logoORCID: https://orcid.org/0000-0001-8936-0683, Rossow, Christian, Jonker, Mattijs, Mok, Ricky, Luo, Xiapu, Kristoff, John, Schmidt, Thomas C., Wählisch, Matthias and claffy, kc;
  • Item type:Book Section
    ID code:90926
    Dates:
    Date
    Event
    4 November 2024
    Published
    31 July 2024
    Accepted
    Subjects:
    Department:Faculty of Science > Computer and Information Sciences
    Depositing user: Pure Administrator
    Date deposited:23 Oct 2024 11:03
    Last modified:19 Nov 2024 08:42
    URI:https://strathprints.strath.ac.uk/id/eprint/90926
CORE (COnnecting REpositories)