Revealing the Architectural Design Patterns in the Volumetric DDoS Defense Design Space

Distributed Denial of Service (DDoS) attacks have plagued the Internet for decades. Despite the ever-increasing investments into mitigation solution developments, DDoS attacks are also growing with ever-increasing frequency and magnitude. To identify the root cause of the above-observed trend, in this paper, we perform a systematic analysis of volumetric DDoS detection and mitigation efforts over the last four decades. To that end, we introduce a novel approach for systematizing comparisons for DDoS research resulting in the comprehensive examination of the DDoS literature spanning more than 24,000 papers, articles, and RFCs over 30+ years. Our analysis illustrates common design patterns across seemingly disparate solutions, and reveals insights into which aspects of DDoS solutions correlate with deployment traction and success. Furthermore, we discuss economic incentives and the lack of harmony between synergistic but independent approaches for detection and mitigation. As expected, defenses with a clear cost/benefit rationale are more prevalent than ones that require extensive infrastructure changes. Finally, we discuss the lessons learned which we hope can shed light on future directions that can potentially allow us to turn the tide on the war against DDoS.