Measuring the Adoption of DDoS Protection Services

Mattijs Jonker, Anna Sperotto, Roland M. van Rijswijk, R. Sadre, Aiko Pras

  • 3 Citations

Abstract

Distributed Denial-of-Service (DDoS) attacks have steadily gained in popularity over the last decade, their intensity ranging from mere nuisance to severe. The increased number of attacks, combined with the loss of revenue for the targets, has given rise to a market for DDoS Protection Service (DPS) providers, to whom victims can outsource the cleansing of their traffic by using traffic diversion. In this paper, we investigate the adoption of cloud-based DPSs worldwide. We focus on nine leading providers. Our outlook on adoption is made on the basis of active DNS measurements. We introduce a methodology that allows us, for a given domain name, to determine if traffic diversion to a DPS is in effect. It also allows us to distinguish various methods of traffic diversion and protection. For our analysis we use a long-term, large-scale data set that covers well over 50% of all names in the global domain namespace, in daily snapshots, over a period of 1.5 years. Our results show that DPS adoption has grown by 1.24x during our measurement period, a prominent trend compared to the overall expansion of the namespace. Our study also reveals that adoption is often lead by big players such as large Web hosters, which activate or deactivate DDoS protection for millions of domain names at once.
Original languageUndefined
Title of host publicationProceedings of the 2016 ACM Internet Measurement Conference, IMC 2016
Place of PublicationNew York, NY, USA
PublisherACM
Pages279-285
Number of pages7
ISBN (Print)978-1-4503-4526-2
DOIs
StatePublished - 14 Nov 2016

Fingerprint

Denial-of-service attack

Keywords

  • EWI-27832
  • active DNS measurements
  • protectionnetworks
  • cloud-based security
  • protection services
  • DDoS attack mitigation

Cite this

Jonker, M., Sperotto, A., van Rijswijk, R. M., Sadre, R., & Pras, A. (2016). Measuring the Adoption of DDoS Protection Services. In Proceedings of the 2016 ACM Internet Measurement Conference, IMC 2016 (pp. 279-285). New York, NY, USA: ACM. DOI: 10.1145/2987443.2987487

Jonker, Mattijs; Sperotto, Anna; van Rijswijk, Roland M.; Sadre, R.; Pras, Aiko / Measuring the Adoption of DDoS Protection Services.

Proceedings of the 2016 ACM Internet Measurement Conference, IMC 2016. New York, NY, USA : ACM, 2016. p. 279-285.

Research output: Scientific - peer-reviewConference contribution

@inbook{a12a12326b1a4c9598d58bfa13845ee2,
title = "Measuring the Adoption of DDoS Protection Services",
abstract = "Distributed Denial-of-Service (DDoS) attacks have steadily gained in popularity over the last decade, their intensity ranging from mere nuisance to severe. The increased number of attacks, combined with the loss of revenue for the targets, has given rise to a market for DDoS Protection Service (DPS) providers, to whom victims can outsource the cleansing of their traffic by using traffic diversion. In this paper, we investigate the adoption of cloud-based DPSs worldwide. We focus on nine leading providers. Our outlook on adoption is made on the basis of active DNS measurements. We introduce a methodology that allows us, for a given domain name, to determine if traffic diversion to a DPS is in effect. It also allows us to distinguish various methods of traffic diversion and protection. For our analysis we use a long-term, large-scale data set that covers well over 50% of all names in the global domain namespace, in daily snapshots, over a period of 1.5 years. Our results show that DPS adoption has grown by 1.24x during our measurement period, a prominent trend compared to the overall expansion of the namespace. Our study also reveals that adoption is often lead by big players such as large Web hosters, which activate or deactivate DDoS protection for millions of domain names at once.",
keywords = "EWI-27832, active DNS measurements, protectionnetworks, cloud-based security, protection services, DDoS attack mitigation",
author = "Mattijs Jonker and Anna Sperotto and {van Rijswijk}, {Roland M.} and R. Sadre and Aiko Pras",
year = "2016",
month = "11",
doi = "10.1145/2987443.2987487",
isbn = "978-1-4503-4526-2",
pages = "279--285",
booktitle = "Proceedings of the 2016 ACM Internet Measurement Conference, IMC 2016",
publisher = "ACM",

}

Jonker, M, Sperotto, A, van Rijswijk, RM, Sadre, R & Pras, A 2016, Measuring the Adoption of DDoS Protection Services. in Proceedings of the 2016 ACM Internet Measurement Conference, IMC 2016. ACM, New York, NY, USA, pp. 279-285. DOI: 10.1145/2987443.2987487

Measuring the Adoption of DDoS Protection Services. / Jonker, Mattijs; Sperotto, Anna; van Rijswijk, Roland M.; Sadre, R.; Pras, Aiko.

Proceedings of the 2016 ACM Internet Measurement Conference, IMC 2016. New York, NY, USA : ACM, 2016. p. 279-285.

Research output: Scientific - peer-reviewConference contribution

TY - CHAP

T1 - Measuring the Adoption of DDoS Protection Services

AU - Jonker,Mattijs

AU - Sperotto,Anna

AU - van Rijswijk,Roland M.

AU - Sadre,R.

AU - Pras,Aiko

PY - 2016/11/14

Y1 - 2016/11/14

N2 - Distributed Denial-of-Service (DDoS) attacks have steadily gained in popularity over the last decade, their intensity ranging from mere nuisance to severe. The increased number of attacks, combined with the loss of revenue for the targets, has given rise to a market for DDoS Protection Service (DPS) providers, to whom victims can outsource the cleansing of their traffic by using traffic diversion. In this paper, we investigate the adoption of cloud-based DPSs worldwide. We focus on nine leading providers. Our outlook on adoption is made on the basis of active DNS measurements. We introduce a methodology that allows us, for a given domain name, to determine if traffic diversion to a DPS is in effect. It also allows us to distinguish various methods of traffic diversion and protection. For our analysis we use a long-term, large-scale data set that covers well over 50% of all names in the global domain namespace, in daily snapshots, over a period of 1.5 years. Our results show that DPS adoption has grown by 1.24x during our measurement period, a prominent trend compared to the overall expansion of the namespace. Our study also reveals that adoption is often lead by big players such as large Web hosters, which activate or deactivate DDoS protection for millions of domain names at once.

AB - Distributed Denial-of-Service (DDoS) attacks have steadily gained in popularity over the last decade, their intensity ranging from mere nuisance to severe. The increased number of attacks, combined with the loss of revenue for the targets, has given rise to a market for DDoS Protection Service (DPS) providers, to whom victims can outsource the cleansing of their traffic by using traffic diversion. In this paper, we investigate the adoption of cloud-based DPSs worldwide. We focus on nine leading providers. Our outlook on adoption is made on the basis of active DNS measurements. We introduce a methodology that allows us, for a given domain name, to determine if traffic diversion to a DPS is in effect. It also allows us to distinguish various methods of traffic diversion and protection. For our analysis we use a long-term, large-scale data set that covers well over 50% of all names in the global domain namespace, in daily snapshots, over a period of 1.5 years. Our results show that DPS adoption has grown by 1.24x during our measurement period, a prominent trend compared to the overall expansion of the namespace. Our study also reveals that adoption is often lead by big players such as large Web hosters, which activate or deactivate DDoS protection for millions of domain names at once.

KW - EWI-27832

KW - active DNS measurements

KW - protectionnetworks

KW - cloud-based security

KW - protection services

KW - DDoS attack mitigation

U2 - 10.1145/2987443.2987487

DO - 10.1145/2987443.2987487

M3 - Conference contribution

SN - 978-1-4503-4526-2

SP - 279

EP - 285

BT - Proceedings of the 2016 ACM Internet Measurement Conference, IMC 2016

PB - ACM

ER -

Jonker M, Sperotto A, van Rijswijk RM, Sadre R, Pras A. Measuring the Adoption of DDoS Protection Services. In Proceedings of the 2016 ACM Internet Measurement Conference, IMC 2016. New York, NY, USA: ACM. 2016. p. 279-285. Available from, DOI: 10.1145/2987443.2987487