Detection strategies for post-pandemic DDoS profiles

The global pandemic lockdowns fostered the digital transition of companies worldwide since most of their employees worked from home using public or private cloud services. Accordingly, these services became the primary targets of the latest generation DDoS threats. While some features of current DDoS attack profiles appeared before the pandemic period, they became significant and reached their current complexity in the recent period. Besides applying novel methods and tools, the attacks' frequency, extent, and complexity also increased significantly. The combination of various attack vectors opened the way for multi-vector attacks incorporating a unique blend of L3-L7 attacking profiles. Unifying the hit-and-run method and the multi-vector approach contributed to the remarkable rise in success rate. The current paper has two focal points. First, it discusses the profiles of the latest DDoS attacks discovered in real data center infrastructures. To demonstrate and emphasize the changes in attack profile, we reference attack samples recently collected in various data center networks. Second, it provides a comprehensive survey of the state-of-the-art detection methods related to recent attacks. The paper especially focuses on the accuracy and speed of these, mostly networking-related detection approaches. Furthermore, we define features and quantitative and qualitative requirements to support detection methods handling the latest threat profiles.