Revealing the Architectural Design Patterns in the Volumetric DDoS
Defense Design Space
Abstract
Distributed Denial of Service (DDoS) attacks have plagued the Internet
for decades. Despite the ever-increasing investments into mitigation
solution developments, DDoS attacks are also growing with
ever-increasing frequency and magnitude. To identify the root cause of
the above-observed trend, in this paper, we perform a systematic
analysis of volumetric DDoS detection and mitigation efforts over the
last four decades. To that end, we introduce a novel approach for
systematizing comparisons for DDoS research resulting in the
comprehensive examination of the DDoS literature spanning more than
24,000 papers, articles, and RFCs over 30+ years. Our analysis
illustrates common design patterns across seemingly disparate solutions,
and reveals insights into which aspects of DDoS solutions correlate with
deployment traction and success. Furthermore, we discuss economic
incentives and the lack of harmony between synergistic but independent
approaches for detection and mitigation. As expected, defenses with a
clear cost/benefit rationale are more prevalent than ones that require
extensive infrastructure changes. Finally, we discuss the lessons
learned which we hope can shed light on future directions that can
potentially allow us to turn the tide on the war against DDoS.