DDoS-as-a-Service: Investigating Booter Websites

    Research output: ThesisPhD Thesis - Research UT, graduation UT

    4813 Downloads (Pure)


    Why should you care about Distributed Denial of Service (DDoS) attacks? If your Internet home connection would be the target of a DDoS attack, then not only your connectivity is gone, but also your telephone and TV programs. This is because many homes have triple-play-service (a package offered by Internet providers that includes TV programs and telephone service together with the Internet connectivity). Looking from a company perspective, in 2015, small and medium companies reported spending more than $US50,000 recovering from a DDoS attack, while large corporations reported an average $US410,000. This figure increased drastically in 2017: large corporations reported $US2.5M in revenue loss as a consequence of a DDoS attack. Given the rapid increase observed above, we can expect that these costs will continue to rise, just as our society's increased dependence on networked services.

    Until 2013, DDoS attacks were something that only a (relatively) skilled hacker could perform, and that required specialist knowledge. In 2013, the hacker community began offering DDoS attacks via Websites easily findable via popular searching engines (Google and Bing). Websites called ``booters'' and ``stressers'' offer, for very affordable prices, for example, starting from less than $US5, to perform as many DDoS attacks as requested for a month period. Between 2014 and 2017 booters were considered by network security companies to be the main responsible for the increase in (DDoS) attack power and frequency, making the investigation in this thesis even more critical and timely.

    The main contributions of this these are that we show: (1) how to find booters, (2) how to detect their clients accessing and using them, (3) the characteristics of their attacks, (4) what third-party companies are used by them to maintain their operations, (5) which booters are the most dangerous and (6) which ethical arguments can be used to support mitigation actions against them. Finally, while the core of this thesis is based on scientific publications, a number of solutions proposed in this thesis are actively deployed by network operators worldwide. In addition to this, the methodologies in this thesis are used by the Dutch High Tech Crime Unit for collecting evidences for prosecution cases.
    Original languageEnglish
    Awarding Institution
    • University of Twente
    • Pras, A., Supervisor
    • Granville, Lisandro Zambenedetti, Supervisor, External person
    • de O. Schmidt, R., Supervisor
    Award date17 Nov 2017
    Place of PublicationEnschede
    Print ISBNs978-90-365-4429-0
    Publication statusPublished - 17 Nov 2017


    • DDoS attacks
    • Booter
    • Stresser
    • DDoS-as-a-service


    Dive into the research topics of 'DDoS-as-a-Service: Investigating Booter Websites'. Together they form a unique fingerprint.

    Cite this