GMI-DDOS Recommended Reading List

Reading List

  1. Detection of zero-day attacks: An unsupervised port-based approach
    • Agathe Blaise, Mathieu Bouet, Vania Conan, Stefano Secci.
    • Abstract, PDF (paywall)
  2. Weaponizing Middleboxes for TCP Reflected Amplification
    • Kevin Bok, Abdulrahman Alaraj, Yair Fax and Kyle Hurley, Eric Wustrow, Dave Levin.
    • Abstract, PDF
  3. DDoS Cyber-Incident Detection in Smart Grids
  4. The Far Side of DNS Amplification: Tracing the DDoS Attack Ecosystem from the Internet Core
    • Marcin Nawrocki, Mattijs Jonker, Thomas C. Schmidt, Matthias Wählisch. IMC 2021.
    • DOI, Preprint
  5. Into the DDoS maelstrom: a longitudinal study of a scrubbing service
    • Giovane C. M. Moura, Cristian Hesselman. SIDN Labs Technical Report TR-2020-02, May 2020 (Update June 2020)
    • Abstract, PDF
  6. Characterizing Certain DNS DDoS Attacks
  7. Enhancing the Performance of Detect DRDoS DNS Attacks Based on the Machine Learning and Proactive Feature Selection (PFS) Model
    • Riyadh Rahef Nuiaa, Selvakumar Manickam, Ali Hakem Alsaeedi, and Esraa Saleh Alomari.
    • Abstract, PDF
  8. Quantifying the Spectrum of Denial-of-Service Attacks through Internet Backscatter
    • Norbert Blenn, Vincent Ghiëtte and Christian Doerr.
    • Abstract, PDF (paywall)
  9. Measuring the adoption of DDoS protection services
  10. Millions of Targets Under Attack: a Macroscopic Characterization of the DoS Ecosystem
  11. The DDoS Threat Landscape Report
  12. IXP Scrubber: Learning from Blackholing Traffic for ML-Driven DDoS Detection at Scale
    • Matthias Wichtlhuber, Eric Strehle, Lars Prepens, Alina Rubina, Daniel Kopp, Stefan Stegmüller, Christoph Dietzel, Oliver Hohlfeld.
    • PDF
  13. United We Stand: Collaborative Detection and Mitigation of Amplification DDoS Attacks at Scale
    • Daniel Wagner, Daniel Kopp, Matthias Wichtlhuber, Christoph Dietzel, Oliver Hohlfeld, Georgios Smaragdakis, Anja Feldmann.
    • PDF
  14. DDoS Never Dies? An IXP Perspective on DDoS Amplification Attacks
    • Daniel Kopp, Christoph Dietzel, Oliver Hohlfeld.
    • PDF
  15. DDoS Hide & Seek: On the Effectiveness of a Booter Services Takedown
    • Daniel Kopp, Matthias Wichtlhuber, Ingmar Poese, José Jair Cardoso de Santanna, Oliver Hohlfeld, Christoph Dietzel.
    • PDF
  16. Anycast vs. DDoS: Evaluating the November 2015 Root DNS Event
    • Giovane C. M. Moura, Ricardo de O. Schmidt, John Heidemann, Wouter B. de Vries, Moritz Müller, Lan Wei and Christian Hesselman.
    • PDF
  17. Amplification Hell: Revisiting Network Protocols for DDoS Abuse
    • Christian Rossow. NDSS’14.
    • PDF
  18. Exit from Hell? Reducing the Impact of Amplification DDoS Attacks
    • Marc Kührer, Thomas Hupperich, Christian Rossow, Thorsten Holz. USENIX’14.
    • PDF
  19. Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks
    • Marc Kührer, Thomas Hupperich, Christian Rossow, Thorsten Holz. WOOT’14.
    • PDF
  20. AmpPot: Monitoring and Defending Against Amplification DDoS Attacks
    • Lukas Krämer, Johannes Krupp, Daisuke Makita, Tomomi Nishizoe, Takashi Koide, Katsunari Yoshioka, Christian Rossow. RAID ’15.
    • PDF
  21. Identifying the Scanners and Attack Infrastructure behind Amplification DDoS attacks
    • Johannes Krupp, Michael Backes, Christian Rossow. CCS ’16.
    • PDF
  22. Linking Amplification DDoS Attacks to Booter Services
    • Johannes Krupp, Mohammad Karami, Christian Rossow, Damon McCoy, Michael Backes. RAID ’17.
    • PDF
  23. BGPeek-a-Boo: Active BGP-based Traceback for Amplification DDoS Attacks
    • Johannes Krupp, Christian Rossow. EuroS&P ’21.
    • PDF
  24. ANYway: Measuring the Amplification DDoS Potential of Domains
    • Olivier van der Toorn, Johannes Krupp, Mattijs Jonker, Roland van Rijswijk-Deij, Christian Rossow, Anna Sperotto. CNSM ’21.
    • PDF
  25. Spoki: Unveiling a New Wave of Scanners through a Reactive Network Telescope
    • Raphael Hiesgen, Marcin Nawrocki, Alistair King, Alberto Dainotti, Thomas C. Schmidt, Matthias Wählisch. USENIX Security 2022.
    • Publisher, Preprint
  26. On the Interplay between TLS Certificates and QUIC Performance
    • Marcin Nawrocki, Pouyan Fotouhi Tehrani, Raphael Hiesgen, Jonas Mücke, Thomas C. Schmidt, Matthias Wählisch. CoNEXT 2022.
    • DOI, Preprint
  27. The Race to the Vulnerable: Measuring the Log4j Shell Incident
    • Raphael Hiesgen, Marcin Nawrocki, Thomas C. Schmidt, Matthias Wählisch. TMA 2022.
    • Preprint
  28. Transparent Forwarders: An Unnoticed Component of the Open DNS Infrastructure
    • Marcin Nawrocki, Maynard Koch, Thomas C. Schmidt, Matthias Wählisch. CoNEXT 2021.
    • DOI, Preprint
  29. QUICsand: Quantifying QUIC Reconnaissance Scans and DoS Flooding Events
    • Marcin Nawrocki, Raphael Hiesgen, Thomas C. Schmidt, Matthias Wählisch. IMC 2021.
    • DOI, Preprint
  30. From the Beginning: Key Transitions in the First 15 Years of DNSSEC
    • Eric Osterweil, Pouyan Fotouhi Tehrani, Thomas C. Schmidt, Matthias Wählisch. IEEE Transactions on Network and Service Management, 2022.
    • DOI, Preprint
  31. Down the Black Hole: Dismantling Operational Practices of BGP Blackholing at IXPs
    • Marcin Nawrocki, Jeremias Blendin, Christoph Dietzel, Thomas C. Schmidt, Matthias Wählisch. IMC 2019.
    • DOI, Preprint
  32. On the Potential of BGP Flowspec for DDoS Mitigation at Two Sources: ISP and IXP
    • Nico Hinze, Marcin Nawrocki, Mattijs Jonker, Alberto Dainotti, Thomas C. Schmidt, Matthias Wählisch. SIGCOMM Posters 2018.
    • DOI, Preprint
  33. Waiting for QUIC: On the Opportunities of Passive Measurements to Understand QUIC Deployments
    • Jonas Mücke, Marcin Nawrocki, Raphael Hiesgen, Patrick Sattler, Johannes Zirngibl, Georg Carle, Thomas C. Schmidt, Matthias Wählisch. Technical Report, No. arXiv:2209.00965, September 2022.
    • Preprint
  34. Akamai DNS: Providing Authoritative Answers to the World’s Queries
    • SIGCOMM 2020: Session 14: Akamai DNS: Providing Authoritative Answers to the World’s Queries
    • Video, PDF
    • (Useful to understand what can be done on the Edge and Services side to minimize the risk of DDoS Reflection)
  35. Anycast Agility: Network Playbooks to Fight DDoS
    • A S M Rizvi, Leandro Bertholdo, João Ceron and John Heidemann. Proceedings of the 31st USENIX Security Symposium (Aug. 2022), 4201–4218.
    • PDF
  36. TsuNAME: exploiting misconfiguration and vulnerability to DDoS DNS
    • Giovane C. M. Moura, Sebastian Castro, John Heidemann and Wes Hardaker. Proceedings of the ACM Internet Measurement Conference (Virtual, Nov. 2021), 398–418.
    • DOI
  37. When the Dike Breaks: Dissecting DNS Defenses During DDoS
    • Giovane C. M. Moura, John Heidemann, Moritz Müller, Ricardo de O. Schmidt and Marco Davids. Proceedings of the ACM Internet Measurement Conference (Oct. 2018).
    • DOI
  38. Scan, Test, Execute: Adversarial Tactics in Amplification DDoS Attacks
    • Harm Griffioen, Kris Oosthoek, Paul van der Knaap and Christian Doerr. ACM CCS 2021.
    • DOI
  39. NTP Reflections
    • January, 2014
    • Blog
  40. On the Potential Abuse of IGMP
    • Matthew Sargent, John Kristoff, Vern Paxson, Mark Allman. Computer Communications Review (CCR) ACM SIGCOMM, January 2017.
    • PDF