Reading List

1. Detection of zero-day attacks: An unsupervised port-based approach
   • Agathe Blaise, Mathieu Bouet, Vania Conan, Stefano Secci.
   • Abstract, PDF (paywall)
2. Weaponizing Middleboxes for TCP Reflected Amplification
   • Kevin Bok, Abdulrahman Alaraj, Yair Fax and Kyle Hurley, Eric Wustrow, Dave Levin.
   • Abstract, PDF
3. DDoS Cyber-Incident Detection in Smart Grids
   • Jorge C. Merlino, Mohammed Asiri and Neetesh Saxena
   • Full text article
4. The Far Side of DNS Amplification: Tracing the DDoS Attack Ecosystem from the Internet Core
   • Marcin Nawrocki, Mattijs Jonker, Thomas C. Schmidt, Matthias Wählisch. IMC 2021.
   • DOI, Preprint
5. Into the DDoS maelstrom: a longitudinal study of a scrubbing service
   • Giovane C. M. Moura, Cristian Hesselman. SIDN Labs Technical Report TR-2020-02, May 2020 (Update June 2020)
   • Abstract, PDF
6. Characterizing Certain DNS DDoS Attacks
   • Renée Burton.
   • Abstract, PDF
7. Enhancing the Performance of Detect DRDoS DNS Attacks Based on the Machine Learning and Proactive Feature Selection (PFS) Model
   • Riyadh Rahef Nuiaa, Selvakumar Manickam, Ali Hakem Alsaeedi, and Esraa Saleh Alomari.
   • Abstract, PDF
8. Quantifying the Spectrum of Denial-of-Service Attacks through Internet Backscatter
   • Norbert Blenn, Vincent Ghiëtte and Christian Doerr.
   • Abstract, PDF (paywall)
9. Measuring the adoption of DDoS protection services
   • Abstract, PDF (paywall)
10. Millions of Targets Under Attack: a Macroscopic Characterization of the DoS Ecosystem
    • Abstract, PDF (paywall)
11. The DDoS Threat Landscape Report
    • PDF, Video
12. IXP Scrubber: Learning from Blackholing Traffic for ML-Driven DDoS Detection at Scale
    • Matthias Wichtlhuber, Eric Strehle, Lars Prepens, Alina Rubina, Daniel Kopp, Stefan Stegmüller, Christoph Dietzel, Oliver Hohlfeld.
    • PDF
13. United We Stand: Collaborative Detection and Mitigation of Amplification DDoS Attacks at Scale
    • Daniel Wagner, Daniel Kopp, Matthias Wichtlhuber, Christoph Dietzel, Oliver Hohlfeld, Georgios Smaragdakis, Anja Feldmann.
    • PDF
14. DDoS Never Dies? An IXP Perspective on DDoS Amplification Attacks
    • Daniel Kopp, Christoph Dietzel, Oliver Hohlfeld.
    • PDF
15. DDoS Hide & Seek: On the Effectiveness of a Booter Services Takedown
    • Daniel Kopp, Matthias Wichtlhuber, Ingmar Poese, José Jair Cardoso de Santanna, Oliver Hohlfeld, Christoph Dietzel.
    • PDF
16. Anycast vs. DDoS: Evaluating the November 2015 Root DNS Event
    • Giovane C. M. Moura, Ricardo de O. Schmidt, John Heidemann, Wouter B. de Vries, Moritz Müller, Lan Wei and Christian Hesselman.
    • PDF
17. Amplification Hell: Revisiting Network Protocols for DDoS Abuse
    • Christian Rossow. NDSS’14.
    • PDF
18. Exit from Hell? Reducing the Impact of Amplification DDoS Attacks
    • Marc Kührer, Thomas Hupperich, Christian Rossow, Thorsten Holz. USENIX’14.
    • PDF
19. Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks
    • Marc Kührer, Thomas Hupperich, Christian Rossow, Thorsten Holz. WOOT’14.
    • PDF
20. AmpPot: Monitoring and Defending Against Amplification DDoS Attacks
    • Lukas Krämer, Johannes Krupp, Daisuke Makita, Tomomi Nishizoe, Takashi Koide, Katsunari Yoshioka, Christian Rossow. RAID ‘15.
    • PDF
21. Identifying the Scanners and Attack Infrastructure behind Amplification DDoS attacks
    • Johannes Krupp, Michael Backes, Christian Rossow. CCS ‘16.
    • PDF
22. Linking Amplification DDoS Attacks to Booter Services
    • Johannes Krupp, Mohammad Karami, Christian Rossow, Damon McCoy, Michael Backes. RAID ‘17.
    • PDF
23. BGPeek-a-Boo: Active BGP-based Traceback for Amplification DDoS Attacks
    • Johannes Krupp, Christian Rossow. EuroS&P ‘21
    • PDF
24. ANYway: Measuring the Amplification DDoS Potential of Domains
    • Olivier van der Toorn, Johannes Krupp, Mattijs Jonker, Roland van Rijswijk-Deij, Christian Rossow, Anna Sperotto. CSNM ‘21.
    • PDF
25. Spoki: Unveiling a New Wave of Scanners through a Reactive Network Telescope,
    • Raphael Hiesgen, Marcin Nawrocki, Alistair King, Alberto Dainotti, Thomas C. Schmidt, Matthias Wählisch. USENIX Security 2022.
    • Publisher, Preprint
26. On the Interplay between TLS Certificates and QUIC Performance
    • Marcin Nawrocki, Pouyan Fotouhi Tehrani, Raphael Hiesgen, Jonas Mücke, Thomas C. Schmidt, Matthias Wählisch. CoNEXT 2022.
    • DOI, Preprint
27. The Race to the Vulnerable: Measuring the Log4j Shell Incident
    • Raphael Hiesgen, Marcin Nawrocki, Thomas C. Schmidt, Matthias Wählisch. TMA 2022.
    • Preprint
28. Transparent Forwarders: An Unnoticed Component of the Open DNS Infrastructure
    • Marcin Nawrocki, Maynard Koch, Thomas C. Schmidt, Matthias Wählisch. CoNEXT 2021
    • DOI, Preprint
29. QUICsand: Quantifying QUIC Reconnaissance Scans and DoS Flooding Events
    • Marcin Nawrocki, Raphael Hiesgen, Thomas C. Schmidt, Matthias Wählisch. IMC 2021.
    • DOI, Preprint
30. From the Beginning: Key Transitions in the First 15 Years of DNSSEC
    • Eric Osterweil, Pouyan Fotouhi Tehrani, Thomas C. Schmidt, Matthias Wählisch. IEEE Transactions on Network and Service Management, 2022.
    • DOI, Preprint
31. Down the Black Hole: Dismantling Operational Practices of BGP Blackholing at IXPs
    • Marcin Nawrocki, Jeremias Blendin, Christoph Dietzel, Thomas C. Schmidt, Matthias Wählisch. IMC 2019.
    • DOI, Preprint
32. On the Potential of BGP Flowspec for DDoS Mitigation at Two Sources: ISP and IXP
    • Nico Hinze, Marcin Nawrocki, Mattijs Jonker, Alberto Dainotti, Thomas C. Schmidt, Matthias Wählisch. SIGCOMM Posters 2018.
    • DOI, Preprint
33. Waiting for QUIC: On the Opportunities of Passive Measurements to Understand QUIC Deployments,
    • Jonas Mücke, Marcin Nawrocki, Raphael Hiesgen, Patrick Sattler, Johannes Zirngibl, Georg Carle, Thomas C. Schmidt, Matthias Wählisch. Technical Report, No. arXiv:2209.00965, September 2022.
    • Preprint
34. Akamai DNS: Providing Authoritative Answers to the World’s Queries
    • SIGCOMM 2020: Session 14: Akamai DNS: Providing Authoritative Answers to the World’s Queries
    • Video, PDF
    • (Useful to understand what can be done on the Edge and Services side to minimize the risk of DDoS Reflection)
35. Anycast Agility: Network Playbooks to Fight DDoS
    • A S M Rizvi, Leandro Bertholdo, João Ceron and John Heidemann. Proceedings of the 31st USENIX Security Symposium (Aug. 2022), 4201–4218.
    • PDF
36. TsuNAME: exploiting misconfiguration and vulnerability to DDoS DNS
    • Giovane C. M. Moura, Sebastian Castro, John Heidemann and Wes Hardaker. Proceedings of the ACM Internet Measurement Conference (Virtual, Nov. 2021), 398–418.
    • DOI
37. When the Dike Breaks: Dissecting DNS Defenses During DDoS
    • Giovane C. M. Moura, John Heidemann, Moritz Müller, Ricardo de O. Schmidt and Marco Davids. Proceedings of the ACM Internet Measurement Conference (Oct. 2018).
    • DOI
38. Scan, Test, Execute: Adversarial Tactics in Amplification DDoS Attacks
    • Harm Griffioen, Kris Oosthoek, Paul van der Knaap and Christian Doerr. ACM CCS 2021.
    • DOI
39. NTP Reflections
    • January, 2014
    • Blog
40. On the Potential Abuse of IGMP
    • Matthew Sargent, John Kristoff, Vern Paxson, Mark Allman. Computer Communications Review (CCR) ACM SIGCOMM, January 2017.
    • PDF