Distributed Denial of Service (DDoS) attacks were first observed over 20 years ago, but they still are the most serious threat to online services. At DE-CIX, we use a service called Blackholing to mitigate the effects of DDoS attacks against networks.
For the purposes of keeping the Internet and networks safe, this topic is also important for our research team. There is now a new piece of research available, “United We Stand: Collaborative Detection and Mitigation of Amplification DDoS Attacks at Scale”*. Generally, Internet Exchange platforms apply sophisticated techniques to detect attacks and to drop traffic locally. This research, however, evaluates whether it would be possible to mitigate more amplification attacks and drop more attack traffic if these different platforms collaborated.
Drop 90% more attack traffic locally
The research collected network data over six months and analyzed more than 120k amplification DDoS attacks. The surprise was that more than 80% of the attacks were not detected locally, and most of the attacks were visible for at least three Internet Exchanges.
Considering the shortcomings in detecting amplification attacks locally, the research team designed a collaborative architecture that allowed different Internet Exchange platforms to exchange information about ongoing amplification attacks. The evaluation of the results shows that it is possible to collaboratively detect and mitigate the majority of attacks with limited exchange of information and drop as much as 90% more attack traffic locally.
Award winning research
Daniel Wagner, Researcher at DE-CIX, has been awarded an Applied Networking Research Prize 2022 (ANRP) for this research. The ANRP is awarded to recognize the best recent results in applied networking, interesting new research ideas of potential relevance to the Internet standards community, and upcoming people that are likely to have an impact on Internet standards and technologies. Congratulations Daniel!