Victim routine influences the number of DDoS attacks: Evidence from Dutch educational network

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

2 Citations (Scopus)
10 Downloads (Pure)


We study the influence of daily routines of Dutch academic institutions on the number of DDoS attacks targeting their infrastructures. We hypothesise that the attacks are motivated and harness the postulates of Routine Activity Theory (RAT) from criminology to analyse the data. We define routine periods in order to group days with similar activities and use 2.5 years of NetFlow alerts data measured by SURFnet to compare the number of alerts generated during each of these periods. Our analysis shows clear correlation between academic schedules and attack patterns on academic institutions. This leads us to believe that most of these attacks are not random and are initiated by someone who might benefit by disrupting scheduled educational activities.

Original languageEnglish
Title of host publication2019 IEEE Security and Privacy Workshops, SPW 2019
Number of pages6
ISBN (Electronic)9781728135083
Publication statusPublished - 19 Sep 2019
EventIEEE Security and Privacy Workshops, SPW 2019 - San Francisco, United States
Duration: 23 May 201923 May 2019


ConferenceIEEE Security and Privacy Workshops, SPW 2019
Abbreviated titleSPW 2019
Country/TerritoryUnited States
CitySan Francisco


  • Aims
  • DDoS attacks
  • NetFlow analysis
  • Routine activity theory
  • 2023 OA procedure

Cite this