The Age of DDoScovery: An Empirical Comparison of Industry and Academic DDoS Assessments

Raphael Hiesgen, Marcin Nawrocki, Marinho Barcellos, Daniel Kopp, Oliver Hohlfeld, Echo Chan, Roland Dobbins, Christian Doerr, Christian Rossow, Daniel R. Thomas, Mattijs Jonker, Ricky Mok, Xiapu Luo, John Kristoff, Thomas C. Schmidt, Matthias Wählisch, kc claffy
DOI: https://doi.org/10.1145/3646547.3688451
2024-10-22
Abstract: Motivated by the impressive but diffuse scope of DDoS research and reporting, we undertake a multistakeholder (joint industry-academic) analysis to seek convergence across the best available macroscopic views of the relative trends in two dominant classes of attacks - direct-path attacks and reflection-amplification attacks. We first analyze 24 industry reports to extract trends and (in)consistencies across observations by commercial stakeholders in 2022. We then analyze ten data sets spanning industry and academic sources, across four years (2019-2023), to find and explain discrepancies based on data sources, vantage points, methods, and parameters. Our method includes a new approach: we share an aggregated list of DDoS targets with industry players who return the results of joining this list with their proprietary data sources to reveal gaps in visibility of the academic data sources. We use academic data sources to explore an industry-reported relative drop in spoofed reflection-amplification attacks in 2021-2022. Our study illustrates the value, but also the challenge, in independent validation of security-related properties of Internet infrastructure. Finally, we reflect on opportunities to facilitate greater common understanding of the DDoS landscape. We hope our results inform not only future academic and industry pursuits but also emerging policy efforts to reduce systemic Internet security vulnerabilities.
Cryptography and Security
What problem does this paper attempt to address?
This paper addresses several key issues in Distributed Denial-of-Service (DDoS) attack assessment:

1. **Differences between industry and academic assessments**: The scope of DDoS research and reporting is impressive but fragmented, so different sources arrive at different views of DDoS trends. The paper seeks convergence on a macroscopic perspective through a joint industry-academic analysis.
2. **Comparative analysis of attack types**: The paper focuses on the two dominant classes of DDoS attacks, direct-path attacks and reflection-amplification attacks, and examines where observations of them agree and disagree across data sources, vantage points, methods, and parameters.
3. **Data transparency and the visibility gap**: To improve transparency and locate the visibility gaps of academic data sources, the paper proposes a new method: an aggregated DDoS target list is shared with industry participants, who join it with their proprietary data sources and return the results, revealing the blind spots of the academic data.
4. **Policy and regulatory recommendations**: Given the growing interest of regulators in reducing systemic Internet security vulnerabilities, the paper intends its results to inform future academic and industry work as well as policy-making.

### Main Contributions of the Paper

- **Classification and knowledge base**: Extract and classify the information describing DDoS phenomena in 2022-2023 from industry reports and publish it as a supplementary knowledge base.
- **Multi-source data analysis**: Quantitatively compare data sources over a decade, covering honeypots, Internet eXchange Points (IXPs), and edge networks, with both industry and academic vantage points. This is the largest longitudinal DDoS data correlation analysis to date.
- **New method to promote industry transparency**: Propose and implement a method that achieves a degree of industry transparency: academic data sources are shared and joined with industry data sources to reveal the visibility gaps of the academic data.
- **Research and policy recommendations**: Offer several recommendations to advance research on the DDoS landscape and to evaluate whether proposed mitigation measures are effective, and discuss possible self-regulatory approaches and other potential regulatory developments.

### Conclusion

The paper shows empirically that assessing DDoS trends is challenging and that reliable insight requires collaboration between research and industry. It also emphasizes that data sharing is important for formulating more effective policies to reduce systemic Internet security vulnerabilities.
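The target-list join described above (academic vantage points contribute targets, an industry partner reports what it observed for those targets, and the difference exposes what the academic sources missed) can be made concrete with a small cross-source comparison. The following is an added illustration and not the authors' code or data: the three academic source names, the industry reply, the attack-class labels and all target addresses (RFC 5737 documentation prefixes) are constructed for this example. It computes the pairwise target overlap between academic sources, the fraction of shared targets the partner confirms as attacked, and the per-target attack classes the partner saw that no academic source recorded.

```python
"""Cross-source visibility check for an aggregated DDoS target list.

Added example, not the paper's code. Assumptions (all constructed): three
academic vantage points (honeypot, IXP, edge network) each yield a set of
(target, attack_class) observations; an industry partner receives the
de-duplicated target list and returns, per target, the classes it observed.
"""
from collections import defaultdict
from itertools import combinations

DIRECT = "direct-path"
REFLECT = "reflection-amplification"

# Constructed sample observations: source -> {(target, attack_class), ...}
ACADEMIC = {
    "honeypot": {("192.0.2.10", REFLECT), ("192.0.2.11", REFLECT),
                 ("198.51.100.5", REFLECT)},
    "ixp": {("192.0.2.10", REFLECT), ("192.0.2.10", DIRECT),
            ("203.0.113.7", DIRECT)},
    "edge": {("198.51.100.5", REFLECT), ("203.0.113.7", DIRECT),
             ("203.0.113.9", DIRECT)},
}

# Constructed industry reply to the shared target list: target -> classes seen
INDUSTRY_REPLY = {
    "192.0.2.10": {DIRECT, REFLECT},
    "192.0.2.11": {REFLECT, DIRECT},
    "198.51.100.5": set(),  # partner saw no attack on this target
    "203.0.113.7": {DIRECT},
    "203.0.113.9": {DIRECT, REFLECT},
}


def aggregate_targets(sources):
    """De-duplicated target list to share with the partner (classes stripped)."""
    return sorted({t for obs in sources.values() for t, _ in obs})


def _targets_of(obs):
    return {t for t, _ in obs}


def pairwise_jaccard(sources):
    """Jaccard overlap of target sets for every pair of academic sources."""
    out = {}
    for a, b in combinations(sorted(sources), 2):
        ta, tb = _targets_of(sources[a]), _targets_of(sources[b])
        out[(a, b)] = len(ta & tb) / len(ta | tb) if ta | tb else 0.0
    return out


def academic_classes(sources):
    """target -> set of attack classes recorded by any academic source."""
    seen = defaultdict(set)
    for obs in sources.values():
        for t, c in obs:
            seen[t].add(c)
    return seen


def confirmation_rate(sources, reply):
    """Fraction of shared targets on which the partner observed any attack."""
    shared = aggregate_targets(sources)
    confirmed = sum(1 for t in shared if reply.get(t))
    return confirmed / len(shared)


def visibility_gap(sources, reply):
    """Attack classes the partner saw that no academic source recorded,
    per target, and the fraction of shared targets with such a gap."""
    seen = academic_classes(sources)
    shared = aggregate_targets(sources)
    gaps = {t: reply.get(t, set()) - seen[t] for t in shared}
    gaps = {t: g for t, g in gaps.items() if g}
    return gaps, len(gaps) / len(shared)


if __name__ == "__main__":
    print("shared targets:", aggregate_targets(ACADEMIC))
    for pair, j in pairwise_jaccard(ACADEMIC).items():
        print(f"overlap {pair[0]}/{pair[1]}: {j:.2f}")
    print(f"partner confirmation rate: {confirmation_rate(ACADEMIC, INDUSTRY_REPLY):.2f}")
    gaps, share = visibility_gap(ACADEMIC, INDUSTRY_REPLY)
    print(f"targets with classes missed by academic sources: {share:.2f}")
    for t, classes in gaps.items():
        print(f"  {t}: {sorted(classes)}")
```

The two metrics answer different questions: the confirmation rate says how much of the academic target list the partner can corroborate at all, while the gap share says, for the targets both sides saw, how often the partner observed an attack class (for example a direct-path attack on a target an amplification honeypot only saw as a reflection victim) that the academic vantage points did not capture. Only the stripped target list leaves the academic side; the attack-class labels stay local and are compared against the partner's reply.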