Recently, amplification DDoS attack (a.k.a Distributed Reflection Denial-of-Service attack, DRDoS attack) --- a kind of Denial-of-Service attack that abuses a lot of network devices and floods the bandwidth of a target --- has become a major threat on the Internet. To confront this threat, we are developing an observation system of amplification DDoS attacks called AmpPot (DRDoS Honeypot) to observe and analyze and analysis of this type of attacks.
Figure 1. Overview of AmpPot.
We have been observing amplification DDoS attacks using AmpPots since October, 2012. Figure 2 shows the number of attacks that our AmpPots observed. The number of our AmpPot sensors varies depending on the period, but the number of attacks have been rapidly increasing for the past few years and this trend shows that amplification DDoS attack has become a major threat on the Internet.
Figure 2. The number of amplification DDoS attacks that AmpPots observed.
By observing and analyzing amplfication DDoS attacks continuously, we aim to understand the trends of attacks and to develop countermeasures against the attacks using these technologies.
We are developing alerting system of amplifcation DDoS attacks using AmpPot technologies, and are providing its attack information to number of ogranizations in Japan.
Figure 3. Amplification DDoS alert system.
Figure 4. The number of amplification DDoS attack alerts.
We will release observational reports of amplification DDoS attakcs periodically.
Please email us if you have any questions: ynugr-dos[atmark]ynu.ac.jp
This is a joint work between Yokohama National University, Japan, the National Institute of Information and Communications Technology (NICT), Japan and Saarland University, Germany.