Measuring the Adoption of DDoS Protection Services

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    41 Citations (Scopus)
    1014 Downloads (Pure)

    Abstract

    Distributed Denial-of-Service (DDoS) attacks have steadily gained in popularity over the last decade, their intensity ranging from mere nuisance to severe. The increased number of attacks, combined with the loss of revenue for the targets, has given rise to a market for DDoS Protection Service (DPS) providers, to whom victims can outsource the cleansing of their traffic by using traffic diversion. In this paper, we investigate the adoption of cloud-based DPSs worldwide. We focus on nine leading providers. Our outlook on adoption is made on the basis of active DNS measurements. We introduce a methodology that allows us, for a given domain name, to determine if traffic diversion to a DPS is in effect. It also allows us to distinguish various methods of traffic diversion and protection. For our analysis we use a long-term, large-scale data set that covers well over 50% of all names in the global domain namespace, in daily snapshots, over a period of 1.5 years. Our results show that DPS adoption has grown by 1.24x during our measurement period, a prominent trend compared to the overall expansion of the namespace. Our study also reveals that adoption is often lead by big players such as large Web hosters, which activate or deactivate DDoS protection for millions of domain names at once.
    Original languageUndefined
    Title of host publicationProceedings of the 2016 ACM Internet Measurement Conference, IMC 2016
    Place of PublicationNew York, NY, USA
    PublisherAssociation for Computing Machinery
    Pages279-285
    Number of pages7
    ISBN (Print)978-1-4503-4526-2
    DOIs
    Publication statusPublished - 14 Nov 2016
    Event2016 ACM Internet Measurement Conference, IMC 2016 - Santa Monica, CA, USA
    Duration: 14 Nov 201616 Nov 2016

    Conference

    Conference2016 ACM Internet Measurement Conference, IMC 2016
    Period14/11/1616/11/16
    Other14-16 Nov 2016

    Keywords

    • EWI-27832
    • active DNS measurements
    • protectionnetworks
    • cloud-based security
    • protection services
    • DDoS attack mitigation

    Cite this