Peering into the Darkness: The Use of UTRS in Combating DDoS Attacks

Radu Anghel; Swaathi Vetrivel; Elsa Turcios Rodriguez; Kaichi Sameshima; Daisuke Makita; Katsunari Yoshioka; Carlos Gañán; Yury Zhauniarovich

doi:10.1007/978-3-031-51476-0_2

Peering into the Darkness: The Use of UTRS in Combating DDoS Attacks

Radu Anghel, Swaathi Vetrivel, Elsa Turcios Rodriguez, Kaichi Sameshima, Daisuke Makita, Katsunari Yoshioka, Carlos Gañán, Yury Zhauniarovich^*

^*Corresponding author for this work

Organisation & Governance

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

Abstract

Remotely Triggered Black Hole (RTBH) is a common DDoS mitigation approach that has been in use for the last two decades. Usually, it is implemented close to the attack victim in networks sharing some type of physical connectivity. The Unwanted Traffic Removal Service (UTRS) project offers a free, global, and relatively low-effort-to-join and operate RTBH alternative by removing the requirement of physical connectivity. Given these unique value propositions of UTRS, this paper aims to understand to what extent UTRS is adopted and used to mitigate DDoS attacks. To reach this goal, we collected two DDoS datasets describing amplification and Internet-of-Things-botnet-driven attacks and correlated them with the information from the third dataset containing blackholing requests propagated to the members of UTRS. Our findings suggest that, currently, just a small portion of UTRS members (approximately 10 % ) trigger mitigation attempts: out of 1200+ UTRS members, only 124 triggered blackholing events during our study. Among those, with high probability, 25 Autonomous Systems (ASes) reacted on AmpPot attacks mitigating 0.025 % of them globally or 1.03 % targeting UTRS members; 2 countered IoT-botnet-driven attacks alleviating 0.001 % of them globally or 0.06 % targeting UTRS members. This suggests that UTRS can be a useful tool in mitigating DDoS attacks, but it is not widely used.

Original language	English
Title of host publication	Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings
Editors	Gene Tsudik, Mauro Conti, Kaitai Liang, Georgios Smaragdakis
Publisher	Springer
Pages	23-41
Number of pages	19
ISBN (Print)	978-3-031-51475-3
DOIs	https://doi.org/10.1007/978-3-031-51476-0_2
Publication status	Published - 2024
Event	28th European Symposium on Research in Computer Security, ESORICS 2023 - The Hague, Netherlands Duration: 25 Sept 2023 → 29 Sept 2023

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	14345 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	28th European Symposium on Research in Computer Security, ESORICS 2023
Country/Territory	Netherlands
City	The Hague
Period	25/09/23 → 29/09/23

Bibliographical note

Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Keywords

DDoS attacks
RTBH
UTRS

Access to Document

10.1007/978-3-031-51476-0_2

Cite this

Anghel, R., Vetrivel, S., Rodriguez, E. T., Sameshima, K., Makita, D., Yoshioka, K., Gañán, C., & Zhauniarovich, Y. (2024). Peering into the Darkness: The Use of UTRS in Combating DDoS Attacks. In G. Tsudik, M. Conti, K. Liang, & G. Smaragdakis (Eds.), Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings (pp. 23-41). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14345 LNCS). Springer. https://doi.org/10.1007/978-3-031-51476-0_2

Anghel, Radu ; Vetrivel, Swaathi ; Rodriguez, Elsa Turcios et al. / Peering into the Darkness : The Use of UTRS in Combating DDoS Attacks. Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings. editor / Gene Tsudik ; Mauro Conti ; Kaitai Liang ; Georgios Smaragdakis. Springer, 2024. pp. 23-41 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{f9723127daa34674a3c288c2b9a9bcf4,

title = "Peering into the Darkness: The Use of UTRS in Combating DDoS Attacks",

abstract = "Remotely Triggered Black Hole (RTBH) is a common DDoS mitigation approach that has been in use for the last two decades. Usually, it is implemented close to the attack victim in networks sharing some type of physical connectivity. The Unwanted Traffic Removal Service (UTRS) project offers a free, global, and relatively low-effort-to-join and operate RTBH alternative by removing the requirement of physical connectivity. Given these unique value propositions of UTRS, this paper aims to understand to what extent UTRS is adopted and used to mitigate DDoS attacks. To reach this goal, we collected two DDoS datasets describing amplification and Internet-of-Things-botnet-driven attacks and correlated them with the information from the third dataset containing blackholing requests propagated to the members of UTRS. Our findings suggest that, currently, just a small portion of UTRS members (approximately 10 % ) trigger mitigation attempts: out of 1200+ UTRS members, only 124 triggered blackholing events during our study. Among those, with high probability, 25 Autonomous Systems (ASes) reacted on AmpPot attacks mitigating 0.025 % of them globally or 1.03 % targeting UTRS members; 2 countered IoT-botnet-driven attacks alleviating 0.001 % of them globally or 0.06 % targeting UTRS members. This suggests that UTRS can be a useful tool in mitigating DDoS attacks, but it is not widely used.",

keywords = "DDoS attacks, RTBH, UTRS",

author = "Radu Anghel and Swaathi Vetrivel and Rodriguez, {Elsa Turcios} and Kaichi Sameshima and Daisuke Makita and Katsunari Yoshioka and Carlos Ga{\~n}{\'a}n and Yury Zhauniarovich",

note = "Green Open Access added to TU Delft Institutional Repository {\textquoteleft}You share, we take care!{\textquoteright} – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public. ; 28th European Symposium on Research in Computer Security, ESORICS 2023 ; Conference date: 25-09-2023 Through 29-09-2023",

year = "2024",

doi = "10.1007/978-3-031-51476-0_2",

language = "English",

isbn = "978-3-031-51475-3",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "23--41",

editor = "Gene Tsudik and Mauro Conti and Kaitai Liang and Georgios Smaragdakis",

booktitle = "Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings",

}

Anghel, R , Vetrivel, S , Rodriguez, ET, Sameshima, K, Makita, D, Yoshioka, K, Gañán, C & Zhauniarovich, Y 2024, Peering into the Darkness: The Use of UTRS in Combating DDoS Attacks. in G Tsudik, M Conti, K Liang & G Smaragdakis (eds), Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 14345 LNCS, Springer, pp. 23-41, 28th European Symposium on Research in Computer Security, ESORICS 2023, The Hague, Netherlands, 25/09/23. https://doi.org/10.1007/978-3-031-51476-0_2

Peering into the Darkness: The Use of UTRS in Combating DDoS Attacks. / Anghel, Radu ; Vetrivel, Swaathi ; Rodriguez, Elsa Turcios et al.
Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings. ed. / Gene Tsudik; Mauro Conti; Kaitai Liang; Georgios Smaragdakis. Springer, 2024. p. 23-41 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14345 LNCS).

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Peering into the Darkness

T2 - 28th European Symposium on Research in Computer Security, ESORICS 2023

AU - Anghel, Radu

AU - Vetrivel, Swaathi

AU - Rodriguez, Elsa Turcios

AU - Sameshima, Kaichi

AU - Makita, Daisuke

AU - Yoshioka, Katsunari

AU - Gañán, Carlos

AU - Zhauniarovich, Yury

N1 - Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

PY - 2024

Y1 - 2024

N2 - Remotely Triggered Black Hole (RTBH) is a common DDoS mitigation approach that has been in use for the last two decades. Usually, it is implemented close to the attack victim in networks sharing some type of physical connectivity. The Unwanted Traffic Removal Service (UTRS) project offers a free, global, and relatively low-effort-to-join and operate RTBH alternative by removing the requirement of physical connectivity. Given these unique value propositions of UTRS, this paper aims to understand to what extent UTRS is adopted and used to mitigate DDoS attacks. To reach this goal, we collected two DDoS datasets describing amplification and Internet-of-Things-botnet-driven attacks and correlated them with the information from the third dataset containing blackholing requests propagated to the members of UTRS. Our findings suggest that, currently, just a small portion of UTRS members (approximately 10 % ) trigger mitigation attempts: out of 1200+ UTRS members, only 124 triggered blackholing events during our study. Among those, with high probability, 25 Autonomous Systems (ASes) reacted on AmpPot attacks mitigating 0.025 % of them globally or 1.03 % targeting UTRS members; 2 countered IoT-botnet-driven attacks alleviating 0.001 % of them globally or 0.06 % targeting UTRS members. This suggests that UTRS can be a useful tool in mitigating DDoS attacks, but it is not widely used.

AB - Remotely Triggered Black Hole (RTBH) is a common DDoS mitigation approach that has been in use for the last two decades. Usually, it is implemented close to the attack victim in networks sharing some type of physical connectivity. The Unwanted Traffic Removal Service (UTRS) project offers a free, global, and relatively low-effort-to-join and operate RTBH alternative by removing the requirement of physical connectivity. Given these unique value propositions of UTRS, this paper aims to understand to what extent UTRS is adopted and used to mitigate DDoS attacks. To reach this goal, we collected two DDoS datasets describing amplification and Internet-of-Things-botnet-driven attacks and correlated them with the information from the third dataset containing blackholing requests propagated to the members of UTRS. Our findings suggest that, currently, just a small portion of UTRS members (approximately 10 % ) trigger mitigation attempts: out of 1200+ UTRS members, only 124 triggered blackholing events during our study. Among those, with high probability, 25 Autonomous Systems (ASes) reacted on AmpPot attacks mitigating 0.025 % of them globally or 1.03 % targeting UTRS members; 2 countered IoT-botnet-driven attacks alleviating 0.001 % of them globally or 0.06 % targeting UTRS members. This suggests that UTRS can be a useful tool in mitigating DDoS attacks, but it is not widely used.

KW - DDoS attacks

KW - RTBH

KW - UTRS

UR - http://www.scopus.com/inward/record.url?scp=85182593008&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-51476-0_2

DO - 10.1007/978-3-031-51476-0_2

M3 - Conference contribution

AN - SCOPUS:85182593008

SN - 978-3-031-51475-3

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 23

EP - 41

BT - Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings

A2 - Tsudik, Gene

A2 - Conti, Mauro

A2 - Liang, Kaitai

A2 - Smaragdakis, Georgios

PB - Springer

Y2 - 25 September 2023 through 29 September 2023

ER -

Anghel R , Vetrivel S , Rodriguez ET, Sameshima K, Makita D, Yoshioka K et al. Peering into the Darkness: The Use of UTRS in Combating DDoS Attacks. In Tsudik G, Conti M, Liang K, Smaragdakis G, editors, Computer Security – ESORICS 2023 - 28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings. Springer. 2024. p. 23-41. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-51476-0_2