20 Years of DDoS: a Call to Action

Botnet Distributed Denial of Service (DDoS) attacks are now 20 years old; what has changed in that time? Their disruptive presence, their volume, distribution across the globe, and the relative ease of launching them have all been trending in favor of attackers. Our increases in network capacity and our architectural design principles are making our online world richer, but are favoring attackers at least as much as Internet services. The DDoS mitigation techniques have been evolving but they are losing ground to the increasing sophistication and diversification of the attacks that have moved from the network to the application level, and we are operationally falling behind attackers. It is time to ask fundamental questions: are there core design issues in our network architecture that fundamentally enable DDoS attacks? How can our network infrastructure be enhanced to address the principles that enable the DDoS problem? How can we incentivize the development and deployment of the necessary changes? In this article, we want to sound an alarm and issue a call to action to the research community. We propose that basic research and principled analyses are badly needed, because the status quo does not paint a pretty picture for the future.
