Title
Peering into the Darkness: The Use of UTRS in Combating DDoS Attacks
Author
Anghel, R.I. (TU Delft Organisation & Governance)
Vetrivel, Swaathi (TU Delft Organisation & Governance)
Turcios Rodriguez, E.R. (TU Delft Organisation & Governance)
Sameshima, Kaichi (Yokohama National University)
Makita, Daisuke (Yokohama National University; National Institute of Information and Communications Technology)
Yoshioka, Katsunari (Yokohama National University)
Hernandez Ganan, C. (TU Delft Organisation & Governance)
Zhauniarovich, Y. (TU Delft Organisation & Governance)
Contributor
Tsudik, Gene (editor)
Conti, Mauro (editor)
Liang, Kaitai (editor)
Smaragdakis, Georgios (editor)
Date
2024
Abstract
Remotely Triggered Black Hole (RTBH) is a common DDoS mitigation approach that has been in use for the last two decades. Usually, it is implemented close to the attack victim in networks sharing some type of physical connectivity. The Unwanted Traffic Removal Service (UTRS) project offers a free, global, and relatively low-effort-to-join and operate RTBH alternative by removing the requirement of physical connectivity. Given these unique value propositions of UTRS, this paper aims to understand to what extent UTRS is adopted and used to mitigate DDoS attacks. To reach this goal, we collected two DDoS datasets describing amplification and Internet-of-Things-botnet-driven attacks and correlated them with the information from the third dataset containing blackholing requests propagated to the members of UTRS. Our findings suggest that, currently, just a small portion of UTRS members (approximately 10 % ) trigger mitigation attempts: out of 1200+ UTRS members, only 124 triggered blackholing events during our study. Among those, with high probability, 25 Autonomous Systems (ASes) reacted on AmpPot attacks mitigating 0.025 % of them globally or 1.03 % targeting UTRS members; 2 countered IoT-botnet-driven attacks alleviating 0.001 % of them globally or 0.06 % targeting UTRS members. This suggests that UTRS can be a useful tool in mitigating DDoS attacks, but it is not widely used.
Subject
DDoS attacks
RTBH
UTRS
To reference this document use:
http://resolver.tudelft.nl/uuid:f9723127-daa3-4674-a3c2-88c2b9a9bcf4
DOI
https://doi.org/10.1007/978-3-031-51476-0_2
Publisher
Springer
Embargo date
2024-07-11
ISBN
978-3-031-51475-3
Source
Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings
Event
28th European Symposium on Research in Computer Security, ESORICS 2023, 2023-09-25 → 2023-09-29, The Hague, Netherlands
Series
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 0302-9743, 14345 LNCS
Bibliographical note
Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.
Part of collection
Institutional Repository
Document type
conference paper
Rights
© 2024 R.I. Anghel, Swaathi Vetrivel, E.R. Turcios Rodriguez, Kaichi Sameshima, Daisuke Makita, Katsunari Yoshioka, C. Hernandez Ganan, Y. Zhauniarovich