DDoS Mitigation: A Measurement-Based Approach

Society relies heavily upon the Internet for global communications. At the same time, Internet stability and reliability are continuously subject to deliberate threats. These threats include (Distributed) Denial-of-Service (DDoS) attacks, which can potentially be devastating. As a result of DDoS, businesses lose hundreds of millions of dollars annually. Moreover, when it comes to vital infrastructure, national safety and even lives could be at stake. Effective defenses are therefore an absolute necessity. Prospective users of readily available mitigation solutions have many shapes and sizes to choose from, but the right fit may not always be apparent. In addition, the deployment and operation of mitigation solutions may come with hidden hazards that need to be better understood. Policy makers and governments also face questions concerning what needs to be done to promote cybersafety on a national level. Developing an optimal course of action to deal with DDoS, therefore, also brings about societal challenges. Even though the DDoS problem is by no means new, the scale of the problem is still unclear. We do not know exactly what it is we are defending against, and getting a better understanding of attacks is essential to addressing the problem head-on. To advance situational awareness, many technical and societal challenges still need to be tackled. Given the central importance of better understanding the DDoS problem to improve overall Internet security, the thesis that we summarize in this paper has three main contributions. First, we rigorously characterize attacks and attacked targets at scale. Second, we advance knowledge about the Internet-wide adoption, deployment and operational use of various mitigation solutions. Finally, we investigate hidden hazards that can render mitigation solutions altogether ineffective.
