20 Years of DDoS: a Call to Action

TL;DR

This paper reviews 20 years of DDoS attacks, highlighting increasing sophistication and the need for fundamental network design changes and research to effectively combat evolving threats.

Contribution

It calls for a renewed focus on basic research and principled analysis to address core network vulnerabilities enabling DDoS attacks.

Findings

DDoS attacks have become more sophisticated and widespread.

Current mitigation techniques are losing effectiveness.

Fundamental network design issues enable DDoS vulnerabilities.

Abstract

Botnet Distributed Denial of Service (DDoS) attacks are now 20 years old; what has changed in that time? Their disruptive presence, their volume, distribution across the globe, and the relative ease of launching them have all been trending in favor of attackers. Our increases in network capacity and our architectural design principles are making our online world richer, but are favoring attackers at least as much as Internet services. The DDoS mitigation techniques have been evolving but they are losing ground to the increasing sophistication and diversification of the attacks that have moved from the network to the application level, and we are operationally falling behind attackers. It is time to ask fundamental questions: are there core design issues in our network architecture that fundamentally enable DDoS attacks? How can our network infrastructure be enhanced to address the principles that enable the DDoS problem? How can we incentivize the development and deployment of the necessary changes? In this article, we want to sound an alarm and issue a call to action to the research community. We propose that basic research and principled analyses are badly needed, because the status quo does not paint a pretty picture for the future.