Collaboratively Increasing the DDoS-Resilience of Digital Societies Through Anti-DDoS Coalitions

Distributed denial-of-service (DDoS) attacks continue to plague the Internet and are a risk to the availability of critical digital systems that we increasingly depend on in our daily lives, such as financial services and the Internet infrastructure. To curb this problem, we propose the novel concept of an Anti-DDoS Coalition (ADC), which is a group of network operators that collaboratively increase their DDoS-readiness by sharing fingerprints of the DDoS attacks they handle, and carries out DDoS exercises together. The novelty of an ADC is that it combines the technical systems for both of these activities with the legal and governance means to deploy ADCs in practice. This multidisciplinary approach is unlike previous work on collaborative DDoS mitigation that focused on technology development (and largely failed). We make three contributions. First, we develop a multidisciplinary blueprint for ADCs in terms of their activities (sharing DDoS fingerprints and carrying out DDoS exercises) and supporting legal agreements and governance mechanisms. Second, we design two open-source technical systems for ADCs: a "DDoS Clearing House" for sharing DDoS fingerprints, and a "DDoS-CH Cyber Range" for carrying out small-scale DDoS exercises, both of which extend network operators' existing scrubbing services and other standard anti-DDoS measures. Third, we validate the concept of an ADC in practice with the Netherlands' national Anti-DDoS Coalition (Dutch ADC), a joint effort of 22 network operators from industry, government, and academia that are currently deploying the DDoS-CH and the Cyber Range in production.