Peering into the Darkness: The Use of UTRS in Combating DDoS Attacks

Anghel, R.I.; Vetrivel, Swaathi; Turcios Rodriguez, E.R.; Sameshima, Kaichi; Makita, Daisuke; Yoshioka, Katsunari; Hernandez Ganan, C.; Zhauniarovich, Y.

doi:10.1007/978-3-031-51476-0_2

Peering into the Darkness

Title

Peering into the Darkness: The Use of UTRS in Combating DDoS Attacks

Author

Anghel, R.I. (TU Delft Organisation & Governance)
Vetrivel, Swaathi (TU Delft Organisation & Governance)
Turcios Rodriguez, E.R. (TU Delft Organisation & Governance)
Sameshima, Kaichi (Yokohama National University)
Makita, Daisuke (Yokohama National University; National Institute of Information and Communications Technology)
Yoshioka, Katsunari (Yokohama National University)
Hernandez Ganan, C. (TU Delft Organisation & Governance)
Zhauniarovich, Y. (TU Delft Organisation & Governance)

Contributor

Tsudik, Gene (editor)
Conti, Mauro (editor)
Liang, Kaitai (editor)
Smaragdakis, Georgios (editor)

Date

2024

Abstract

Remotely Triggered Black Hole (RTBH) is a common DDoS mitigation approach that has been in use for the last two decades. Usually, it is implemented close to the attack victim in networks sharing some type of physical connectivity. The Unwanted Traffic Removal Service (UTRS) project offers a free, global, and relatively low-effort-to-join and operate RTBH alternative by removing the requirement of physical connectivity. Given these unique value propositions of UTRS, this paper aims to understand to what extent UTRS is adopted and used to mitigate DDoS attacks. To reach this goal, we collected two DDoS datasets describing amplification and Internet-of-Things-botnet-driven attacks and correlated them with the information from the third dataset containing blackholing requests propagated to the members of UTRS. Our findings suggest that, currently, just a small portion of UTRS members (approximately 10 % ) trigger mitigation attempts: out of 1200+ UTRS members, only 124 triggered blackholing events during our study. Among those, with high probability, 25 Autonomous Systems (ASes) reacted on AmpPot attacks mitigating 0.025 % of them globally or 1.03 % targeting UTRS members; 2 countered IoT-botnet-driven attacks alleviating 0.001 % of them globally or 0.06 % targeting UTRS members. This suggests that UTRS can be a useful tool in mitigating DDoS attacks, but it is not widely used.

Subject

DDoS attacks
RTBH
UTRS

To reference this document use:

http://resolver.tudelft.nl/uuid:f9723127-daa3-4674-a3c2-88c2b9a9bcf4

DOI

https://doi.org/10.1007/978-3-031-51476-0_2

Publisher

Springer

Embargo date

2024-07-11

ISBN

978-3-031-51475-3

Source

Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings

Event

28th European Symposium on Research in Computer Security, ESORICS 2023, 2023-09-25 → 2023-09-29, The Hague, Netherlands

Series

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 0302-9743, 14345 LNCS

Bibliographical note

Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Part of collection

Institutional Repository

Document type

conference paper

Rights

Files

file embargo until 2024-07-11