United We Stand: Collaborative Detection and Mitigation of Amplification DDoS Attacks at Scale

Wagner, Daniel; Kopp, Daniel; Wichtlhuber, Matthias; Dietzel, Christoph; Hohlfeld, Oliver; Smaragdakis, Georgios; Feldmann, Anja

doi:10.1145/3460120.3485385

Cited by 21 publications

(3 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…During a mitigation, the DOTS server and client regularly share DDoS related telemetry with each other to refine the mitigation actions. Another recent work, DXP [158], allows multiple ISPs to share DDoS telemetry such as reflector server IPs, victim IPs and attack traffic volume with each other via a publisher/subscriber system to achieve better level of detection and mitigation. Rodrigues et al [159] proposed to use the blockchain systems as a distributed immutable database to signal and share the DDoS detection results, and mitigation information.…”

Section: D32 High-level Information Exchangementioning

confidence: 99%

Revealing the Architectural Design Patterns in the Volumetric DDoS Defense Design Space

Zhang,

Xiao,

Song

et al. 2024

Preprint

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks have plagued the Internet for decades. Despite the ever-increasing investments into mitigation solution development, DDoS attacks continue to grow with ever-increasing frequency and magnitude. To identify the root cause of the above-observed trend, in this paper, we conduct a systematic and architectural evaluation of volumetric DDoS detection and mitigation efforts over 24,000 papers, articles, and RFCs over 30+ years. To that end, we introduce a novel approach for systematizing comparisons of DDoS research, resulting in a comprehensive examination of the DDoS literature. Our analysis illustrates a small set of common design patterns across seemingly disparate solutions, and reveals insights into deployment traction and success of DDoS solutions. Furthermore, we discuss economic incentives and the lack of harmony between synergistic but independent approaches for detection and mitigation. As expected, defenses with a clear cost/benefit rationale are more prevalent than those that require extensive infrastructure changes. Finally, we discuss the lessons learned which we hope can shed light on future directions that can potentially turn the tide of the war against DDoS.

show abstract

Section: D32 High-level Information Exchangementioning

confidence: 99%

Revealing the Architectural Design Patterns in the Volumetric DDoS Defense Design Space

Zhang,

Xiao,

Song

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

“…Another type of DDoS mitigation involves BGP routing the victim networks, either temporarily during the attack or permanently, through a service provider that offers DDoS protection services, for example, Akamai, Arbor, Cloudflare [43]. [49] proposes a DXP (DDoS Information Exchange Point) that encourages collaboration between networks (IXPs) in detecting and mitigating DDoS attacks closer to the source, as such detection requires visibility at multiple locations. An ISP may also use a hidden Distributed Reflection DoS (DRDoS) honeypot [27] to filter out the unwanted traffic in their networks [52].…”

Section: Related Workmentioning

confidence: 99%

“…As the intensity, capacity, and duration of Denial of Service (DoS) attacks increase, network operators constantly look for countermeasures [26]. There are many DDoS mitigation methods, each having different levels of complexity, cost, and efficiency [49,50]. The most common are blackholing, clean pipe, content delivery networks (CDN) attack dilution, and antiDDoS proxy.…”

Section: Introductionmentioning

confidence: 99%