Measuring the Adoption of DDoS Protection Services

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

    28 Citations (Scopus)
    744 Downloads (Pure)


    Distributed Denial-of-Service (DDoS) attacks have steadily gained in popularity over the last decade, their intensity ranging from mere nuisance to severe. The increased number of attacks, combined with the loss of revenue for the targets, has given rise to a market for DDoS Protection Service (DPS) providers, to whom victims can outsource the cleansing of their traffic by using traffic diversion. In this paper, we investigate the adoption of cloud-based DPSs worldwide. We focus on nine leading providers. Our outlook on adoption is made on the basis of active DNS measurements. We introduce a methodology that allows us, for a given domain name, to determine if traffic diversion to a DPS is in effect. It also allows us to distinguish various methods of traffic diversion and protection. For our analysis we use a long-term, large-scale data set that covers well over 50% of all names in the global domain namespace, in daily snapshots, over a period of 1.5 years. Our results show that DPS adoption has grown by 1.24x during our measurement period, a prominent trend compared to the overall expansion of the namespace. Our study also reveals that adoption is often led by big players such as large Web hosters, which activate or deactivate DDoS protection for millions of domain names at once.
    Original language: Undefined
    Title of host publication: Proceedings of the 2016 ACM Internet Measurement Conference, IMC 2016
    Place of Publication: New York, NY, USA
    Publisher: Association for Computing Machinery (ACM)
    Number of pages: 7
    ISBN (Print): 978-1-4503-4526-2
    Publication status: Published - 14 Nov 2016
    Event: 2016 ACM Internet Measurement Conference, IMC 2016 - Santa Monica, CA, USA
    Duration: 14 Nov 2016 → 16 Nov 2016


    Conference: 2016 ACM Internet Measurement Conference, IMC 2016
    Other: 14-16 Nov 2016


    • EWI-27832
    • active DNS measurements
    • protection networks
    • cloud-based security
    • protection services
    • DDoS attack mitigation
