Measuring the Adoption of DDoS Protection Services

Mattijs Jonker, Anna Sperotto, Roland M. van Rijswijk, R. Sadre, Aiko Pras

    Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Academic; peer-review

    16 Citations (Scopus)
    372 Downloads (Pure)

    Abstract

    Distributed Denial-of-Service (DDoS) attacks have steadily gained in popularity over the last decade, their intensity ranging from mere nuisance to severe. The increased number of attacks, combined with the loss of revenue for the targets, has given rise to a market for DDoS Protection Service (DPS) providers, to whom victims can outsource the cleansing of their traffic by using traffic diversion. In this paper, we investigate the adoption of cloud-based DPSs worldwide. We focus on nine leading providers. Our outlook on adoption is made on the basis of active DNS measurements. We introduce a methodology that allows us, for a given domain name, to determine if traffic diversion to a DPS is in effect. It also allows us to distinguish various methods of traffic diversion and protection. For our analysis we use a long-term, large-scale data set that covers well over 50% of all names in the global domain namespace, in daily snapshots, over a period of 1.5 years. Our results show that DPS adoption has grown by 1.24x during our measurement period, a prominent trend compared to the overall expansion of the namespace. Our study also reveals that adoption is often led by big players such as large Web hosters, which activate or deactivate DDoS protection for millions of domain names at once.
    Original language: Undefined
    Title of host publication: Proceedings of the 2016 ACM Internet Measurement Conference, IMC 2016
    Place of Publication: New York, NY, USA
    Publisher: Association for Computing Machinery (ACM)
    Pages: 279-285
    Number of pages: 7
    ISBN (Print): 978-1-4503-4526-2
    DOIs: https://doi.org/10.1145/2987443.2987487
    Publication status: Published - 14 Nov 2016

    Keywords

    • EWI-27832
    • active DNS measurements
    • protectionnetworks
    • cloud-based security
    • protection services
    • DDoS attack mitigation

    Cite this

    Jonker, M., Sperotto, A., van Rijswijk, R. M., Sadre, R., & Pras, A. (2016). Measuring the Adoption of DDoS Protection Services. In Proceedings of the 2016 ACM Internet Measurement Conference, IMC 2016 (pp. 279-285). New York, NY, USA: Association for Computing Machinery (ACM). https://doi.org/10.1145/2987443.2987487