Victimization in DDoS Attacks: The Role of Popularity and Industry Sector

Muhammad Yasir Muzayan Haq; Antonia Affinito; Alessio Botta; Anna Sperotto; Lambert J.M. Nieuwenhuis; Mattijs Jonker; Abhishta Abhishta

doi:10.2139/ssrn.4970423

Victimization in DDoS Attacks: The Role of Popularity and Industry Sector

Muhammad Yasir Muzayan Haq^*, Antonia Affinito, Alessio Botta, Anna Sperotto, Lambert J.M. Nieuwenhuis, Mattijs Jonker, Abhishta Abhishta

^*Corresponding author for this work

Research output: Contribution to journal › Article › Academic › peer-review

153 Downloads (Pure)

Abstract

DDoS attacks could have an economic motive such as extortion, but also social and political such as hacktivism and state-sponsored warfare. Hence, the monetary value of the targets does not always explain the victimization. To counter DDoS threats, cloud providers utilize more robust, distributed networks and implement DDoS evasion techniques such as Anycast. However, by hosting many targets under a single infrastructure, they also accumulate threats, which together might exceed the ability of the infrastructure. We approach the victimization problem by using VIVA (value, inertia, visibility, and access) attributes of the DDoS victims to understand what makes them a suitable target for DDoS attacks. We conduct a large-scale analysis of DDoS attack incidents inferred from traffic data recorded by a network telescope over a five-year period. Using Alexa rank and content category of the domain names associated with the targeted IP addresses, we infer the targets’ popularity and industry sector to estimate their

Original language	English
Number of pages	54
Journal	Computers & Security
Early online date	30 Sept 2024
DOIs	https://doi.org/10.2139/ssrn.4970423
Publication status	E-pub ahead of print/First online - 30 Sept 2024

Keywords

UT-Hybrid-D
Victimization
VIVA
Popularity
Industry sector
Accumulated threat
Cloud provider
Customer 0ortfolio
DDoS

Access to Document

10.2139/ssrn.4970423

Embargoed Document

Article
Accepted author version, 786 KB
Embargo ends: 30/09/25

Cite this

@article{0e73e3f31bfb479a878297b08d10c534,

title = "Victimization in DDoS Attacks: The Role of Popularity and Industry Sector",

abstract = "DDoS attacks could have an economic motive such as extortion, but also social and political such as hacktivism and state-sponsored warfare. Hence, the monetary value of the targets does not always explain the victimization. To counter DDoS threats, cloud providers utilize more robust, distributed networks and implement DDoS evasion techniques such as Anycast. However, by hosting many targets under a single infrastructure, they also accumulate threats, which together might exceed the ability of the infrastructure. We approach the victimization problem by using VIVA (value, inertia, visibility, and access) attributes of the DDoS victims to understand what makes them a suitable target for DDoS attacks. We conduct a large-scale analysis of DDoS attack incidents inferred from traffic data recorded by a network telescope over a five-year period. Using Alexa rank and content category of the domain names associated with the targeted IP addresses, we infer the targets{\textquoteright} popularity and industry sector to estimate their ",

keywords = "UT-Hybrid-D, Victimization, VIVA, Popularity, Industry sector, Accumulated threat, Cloud provider, Customer 0ortfolio, DDoS",

author = "Haq, {Muhammad Yasir Muzayan} and Antonia Affinito and Alessio Botta and Anna Sperotto and Nieuwenhuis, {Lambert J.M.} and Mattijs Jonker and Abhishta Abhishta",

year = "2024",

month = sep,

day = "30",

doi = "10.2139/ssrn.4970423",

language = "English",

journal = "Computers & Security",

issn = "0167-4048",

publisher = "Elsevier Ltd",

}

TY - JOUR

T1 - Victimization in DDoS Attacks

T2 - The Role of Popularity and Industry Sector

AU - Haq, Muhammad Yasir Muzayan

AU - Affinito, Antonia

AU - Botta, Alessio

AU - Sperotto, Anna

AU - Nieuwenhuis, Lambert J.M.

AU - Jonker, Mattijs

AU - Abhishta, Abhishta

PY - 2024/9/30

Y1 - 2024/9/30

N2 - DDoS attacks could have an economic motive such as extortion, but also social and political such as hacktivism and state-sponsored warfare. Hence, the monetary value of the targets does not always explain the victimization. To counter DDoS threats, cloud providers utilize more robust, distributed networks and implement DDoS evasion techniques such as Anycast. However, by hosting many targets under a single infrastructure, they also accumulate threats, which together might exceed the ability of the infrastructure. We approach the victimization problem by using VIVA (value, inertia, visibility, and access) attributes of the DDoS victims to understand what makes them a suitable target for DDoS attacks. We conduct a large-scale analysis of DDoS attack incidents inferred from traffic data recorded by a network telescope over a five-year period. Using Alexa rank and content category of the domain names associated with the targeted IP addresses, we infer the targets’ popularity and industry sector to estimate their

AB - DDoS attacks could have an economic motive such as extortion, but also social and political such as hacktivism and state-sponsored warfare. Hence, the monetary value of the targets does not always explain the victimization. To counter DDoS threats, cloud providers utilize more robust, distributed networks and implement DDoS evasion techniques such as Anycast. However, by hosting many targets under a single infrastructure, they also accumulate threats, which together might exceed the ability of the infrastructure. We approach the victimization problem by using VIVA (value, inertia, visibility, and access) attributes of the DDoS victims to understand what makes them a suitable target for DDoS attacks. We conduct a large-scale analysis of DDoS attack incidents inferred from traffic data recorded by a network telescope over a five-year period. Using Alexa rank and content category of the domain names associated with the targeted IP addresses, we infer the targets’ popularity and industry sector to estimate their

KW - UT-Hybrid-D

KW - Victimization

KW - VIVA

KW - Popularity

KW - Industry sector

KW - Accumulated threat

KW - Cloud provider

KW - Customer 0ortfolio

KW - DDoS

U2 - 10.2139/ssrn.4970423

DO - 10.2139/ssrn.4970423

M3 - Article

SN - 0167-4048

JO - Computers & Security

JF - Computers & Security

ER -

Victimization in DDoS Attacks: The Role of Popularity and Industry Sector

Abstract

Keywords

Access to Document

Embargoed Document

Fingerprint

Cite this