Who Gets the Boot? Analyzing Victimization by DDoS-as-a-Service

Arman Noroozian, Maciej Korczynski, Carlos Hernandez Ganan, Daisuke Makita, Katsunari Yoshioka, Michel van Eeten

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

23 Citations (Scopus)


A lot of research has been devoted to understanding the technical properties of amplification DDoS attacks and the emergence of the DDoS-as-a-service economy, especially the so-called booters. Much less is known about the consequences for victimization patterns. We profile victims via data from amplification DDoS honeypots. We develop victimization rates and present explanatory models capturing key determinants of these rates. Our analysis demonstrates that the bulk of the attacks are directed at users in access networks, not at hosting, and even less at enterprise networks. We find that victimization in broadband ISPs is highly proportional to the number of ISP subscribers and that certain countries have significantly higher or lower victim rates which are only partially explained by institutional factors such as ICT development. We also find that victimization rate in hosting networks is proportional to the number of hosted domains and number of routed IP addresses and that content popularity has a minor impact on victimization rates. Finally, we reflect on the implications of these findings for the wider trend of commoditization in cybercrime.
Original languageEnglish
Title of host publicationProceedings of the International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2016
Subtitle of host publicationResearch in Attacks, Intrusions, and Defenses
ISBN (Electronic)978-3-319-45719-2
ISBN (Print)978-3-319-45718-5
Publication statusPublished - 2016
Event19th International Symposium on Research in Attacks, Intrusions and Defenses - Evry, France
Duration: 19 Sep 201621 Sep 2016

Publication series

NameLecture Notes in Computer Science
ISSN (Electronic)0302-9743


Conference19th International Symposium on Research in Attacks, Intrusions and Defenses
Abbreviated titleRAID 2016
Internet address


Dive into the research topics of 'Who Gets the Boot? Analyzing Victimization by DDoS-as-a-Service'. Together they form a unique fingerprint.

Cite this