A review of amplification-based distributed denial of service attacks and their mitigation

Salih Ismail, Hani Ragab Hassen, Mike Just, Hind Zantout

Research output: Contribution to journalReview articlepeer-review

Abstract

The rise of Distributed Denial of Service (DDoS) attacks have been steady in terms of the frequency and the impact of the attack. Traditionally, the attackers required control of a huge amount of resources to launch an attack. This has changed with the use of reflectors and amplifiers in DDoS attacks. A recent shift consisted of using other protocols than the traditional NTP and DNS protocols which were heavily used for ADDoS. In this paper, we review and organize amplification-based DDoS (ADDoS) attacks and associated countermeasures into a new taxonomy. Furthermore, we present a modus operandi of ADDoS attacks and analyze how it differs from traditional DDoS attacks. We also investigate how accessible ADDoS are for attackers with average resources. We survey readily available open-source scripts on GitHub and also the ADDoS features available in hire-to-DDoS platforms. We believe that accessibility and low-cost of hire-to-DDoS platforms are the major reasons for the increase of amplification-based DDoS attacks. Lastly, we provide a list of future directions that might be interesting for the community to focus on.

Original languageEnglish
Article number102380
JournalComputers and Security
Volume109
Early online date24 Jun 2021
DOIs
Publication statusPublished - Oct 2021

Keywords

  • Amplification attack
  • DDoS
  • Reflection attack

ASJC Scopus subject areas

  • Computer Science(all)
  • Law

Fingerprint

Dive into the research topics of 'A review of amplification-based distributed denial of service attacks and their mitigation'. Together they form a unique fingerprint.

Cite this