Booter blacklist: Unveiling DDoS-for-hire websites

Jose Jair Santanna, Ricardo De O. Schmidt, Daphne Tuncer, Joey De Vries, Lisandro Z. Granville, Aiko Pras

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    11 Citations (Scopus)
    26 Downloads (Pure)


    The expansion of Distributed Denial of Service (DDoS) for hire websites, known as Booters, has radically modified both the scope and stakes of DDoS attacks. Until recently, however, Booters have only received little attention from the research community. Given their impact, addressing the challenges associated with this phenomenon is crucial. In this paper, we present a rigorous methodology to identify a comprehensive set of existing Booters in the Internet. The methodology relies on well-defined mechanisms to generate a Booter blacklist, from crawling suspect URLs to characterizing and classifying the collected URLs. The list obtained using the methodology presented in this paper has a classification accuracy of 95.5%, which is 10.5% better compared to previous work. We also demonstrate the usage of our methodology applied by the Dutch NREN, SURFNet, which started using our blacklist to extend their Booters' activities monitoring.

    Original languageEnglish
    Title of host publication2016 12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016, and International Workshop on Green ICT and Smart Networking, GISN 2016
    EditorsShannon Keith-Marsoun, Carlos Raniery Paula dos Santos, Noura Limam, Mohamed Cheriet, Mohamed Faten Zhani, Olivier Festor
    Number of pages9
    ISBN (Electronic)9783901882852
    ISBN (Print)978-1-5090-3236-5
    Publication statusPublished - 13 Jan 2017
    Event12th international Conference on Network and Service Management, CNSM 2016 - Montreal, Canada
    Duration: 31 Oct 20164 Nov 2016
    Conference number: 12


    Conference12th international Conference on Network and Service Management, CNSM 2016
    Abbreviated titleCNSM 2016
    Internet address


    Dive into the research topics of 'Booter blacklist: Unveiling DDoS-for-hire websites'. Together they form a unique fingerprint.

    Cite this