A review of amplification-based distributed denial of service attacks and their mitigation

The rise of Distributed Denial of Service (DDoS) attacks have been steady in terms of the frequency and the impact of the attack. Traditionally, the attackers required control of a huge amount of resources to launch an attack. This has changed with the use of reflectors and amplifiers in DDoS attacks. A recent shift consisted of using other protocols than the traditional NTP and DNS protocols which were heavily used for ADDoS. In this paper, we review and organize amplification-based DDoS (ADDoS) attacks and associated countermeasures into a new taxonomy. Furthermore, we present a modus operandi of ADDoS attacks and analyze how it differs from traditional DDoS attacks. We also investigate how accessible ADDoS are for attackers with average resources. We survey readily available open-source scripts on GitHub and also the ADDoS features available in hire-to-DDoS platforms. We believe that accessibility and low-cost of hire-to-DDoS platforms are the major reasons for the increase of amplification-based DDoS attacks. Lastly, we provide a list of future directions that might be interesting for the community to focus on. (c) 2021 Elsevier Ltd. All rights reserved.