{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,12]],"date-time":"2025-05-12T19:02:45Z","timestamp":1747076565632,"version":"3.40.3"},"publisher-location":"Cham","reference-count":32,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783031094835"},{"type":"electronic","value":"9783031094842"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-09484-2_10","type":"book-chapter","created":{"date-parts":[[2022,6,24]],"date-time":"2022-06-24T14:02:51Z","timestamp":1656079371000},"page":"178-196","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Amplification Chamber: Dissecting the\u00a0Attack Infrastructure of\u00a0Memcached DRDoS Attacks"],"prefix":"10.1007","author":[{"given":"Mizuki","family":"Kondo","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0246-5720","authenticated-orcid":false,"given":"Rui","family":"Tanabe","sequence":"additional","affiliation":[]},{"given":"Natsuo","family":"Shintani","sequence":"additional","affiliation":[]},{"given":"Daisuke","family":"Makita","sequence":"additional","affiliation":[]},{"given":"Katsunari","family":"Yoshioka","sequence":"additional","affiliation":[]},{"given":"Tsutomu","family":"Matsumoto","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,6,24]]},"reference":[{"key":"10_CR1","unstructured":"Amppot: Honeypot for monitoring amplification ddos attacks | datasets. https:\/\/sec.ynu.codes\/dos\/datasets"},{"key":"10_CR2","unstructured":"Censys. https:\/\/censys.io\/"},{"key":"10_CR3","unstructured":"Cve-2018-1000115 detail. https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2018-1000115"},{"key":"10_CR4","unstructured":"Memcached\u2013a distributed memory object caching system. https:\/\/memcached.org\/"},{"key":"10_CR5","unstructured":"Ripe atlas. https:\/\/atlas.ripe.net"},{"key":"10_CR6","unstructured":"Akamai SIRT Alerts. Memcached-fueled 1.3 tbps attacks. https:\/\/securityboulevard.com\/2018\/03\/memcached-fueled-1-3-tbps-attacks\/"},{"key":"10_CR7","unstructured":"B\u00fcscher, A., Holz, T.: Tracking DDoS attacks: insights into the business of disrupting the web. In: Proceedings of the 5th USENIX LEET, LEET 2012 (2012)"},{"key":"10_CR8","doi-asserted-by":"crossref","unstructured":"Welzel, A., Rossow, C., Bos, H.: On measuring the impact of DDoS botnets. In: Proceedings of the 7th European Workshop on Systems Security, EuroSec 2014 (2014)","DOI":"10.1145\/2592791.2592794"},{"key":"10_CR9","doi-asserted-by":"crossref","unstructured":"Collier, B., Thomas, D.R., Clayton, R., Hutchings, A.: Booting the booters: evaluating the effects of police interventions in the market for denial-of-service attacks. In: Proceedings of the 2019 Internet Measurement Conference, IMC 2019 (2019)","DOI":"10.1145\/3355369.3355592"},{"key":"10_CR10","doi-asserted-by":"crossref","unstructured":"Rossow, C.: Amplification hell: revisiting network protocols for DDoS abuse. In: Proceedings of the 2014 Network and Distributed System Security Symposium, NDSS 2014 (2014)","DOI":"10.14722\/ndss.2014.23233"},{"key":"10_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"284","DOI":"10.1007\/978-3-030-72582-2_17","volume-title":"Passive and Active Measurement","author":"D Kopp","year":"2021","unstructured":"Kopp, D., Dietzel, C., Hohlfeld, O.: DDoS never dies? An IXP perspective on DDoS amplification attacks. In: Hohlfeld, O., Lutu, A., Levin, D. (eds.) PAM 2021. LNCS, vol. 12671, pp. 284\u2013301. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-72582-2_17"},{"issue":"2","key":"10_CR12","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1145\/997150.997156","volume":"34","author":"J Mirkovic","year":"2004","unstructured":"Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Comput. Commun. 34(2), 39\u201353 (2004)","journal-title":"ACM SIGCOMM Comput. Commun."},{"key":"10_CR13","unstructured":"Mirkovic, J., Dietrich, S., Dittrich, D., Reiher, P.: Internet denial of service: attack and defense mechanisms. In: Perlman, R. (ed.) Computer Networking and Security Book Series (2004)"},{"key":"10_CR14","doi-asserted-by":"crossref","unstructured":"Krupp, J., Backes, M., Rossow, C.: Identifying the scanners and attack infrastructure behind amplification DDoS attacks. In: Proceedings of the 23rd ACM Conference on Computer and Communications Security, CCS 2016 (2016)","DOI":"10.1145\/2976749.2978293"},{"key":"10_CR15","doi-asserted-by":"crossref","unstructured":"Santanna, J.J., De Schmidt, R.O., Tuncer, D., De Vries, J., Granville, L.Z., Pras, A.: Booter blacklist: unveiling DDoS-for-hire websites. In: Proceedings of the 2016 12th International Conference on Network and Service Management, CNSM 2016 (2016)","DOI":"10.1109\/CNSM.2016.7818410"},{"key":"10_CR16","doi-asserted-by":"crossref","unstructured":"Santanna, J.J., Durban, R., Sperotto, A., Pras, A.: Inside booters: an analysis on operational database. In: Proceedings of the IFIP\/IEEE International Symposium on Integrated Network Management, IM 2015 (2015)","DOI":"10.1109\/INM.2015.7140320"},{"issue":"3","key":"10_CR17","first-page":"297","volume":"5","author":"K Bai","year":"2018","unstructured":"Bai, K.: Analysis and prevention of Memcache UDP reflection amplification attack. Int. J. Sci. 5(3), 297\u2013302 (2018)","journal-title":"Int. J. Sci."},{"key":"10_CR18","unstructured":"Kramer, L., et al.: Amppot: honeypot for monitoring amplification DDoS attack. In: Proceedings of the 18th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2015 (2015)"},{"key":"10_CR19","doi-asserted-by":"crossref","unstructured":"Singh, K., Singh, A.: Memcached DDoS exploits: operations, vulnerabilities, preventions and mitigations. In: Proceedings of the 2018 IEEE 3rd International Conference on Computing, Communication and Security, ICCCS 2018 (2018)","DOI":"10.1109\/CCCS.2018.8586810"},{"key":"10_CR20","unstructured":"K\u00fchrer, M., Hupperich, T., Rossow, C., Holz, T.: Exit from hell? Reducing the impact of amplification DDoS attack. In: Proceedings of the 23rd USENIX Security Symposium, USENIX 2014 (2014)"},{"key":"10_CR21","doi-asserted-by":"crossref","unstructured":"Jonker, M., Pras, A., Dainotti, A., Sperotto, A.: A first joint look at DoS attacks and BGP blackholing in the wild. In: Proceedings of the 2018 Internet Measurement Conference, IMC 2018 (2018)","DOI":"10.1145\/3278532.3278571"},{"key":"10_CR22","unstructured":"MaxMind: GeoIP2 database. https:\/\/www.maxmind.com\/"},{"key":"10_CR23","unstructured":"Karami, M., McCoy, D.: Understanding the emerging threat of DDoS-as-a-service. In: Presented as part of the 6th USENIX Work- shop on Large-Scale Exploits and Emergent Threats (2013)"},{"key":"10_CR24","unstructured":"Morales, C.: 1 Terabit DDoS attacks become a reality; reflecting on five years of reflections. https:\/\/www.netscout.com\/blog\/asert\/1-terabit-ddos-attacks-become-reality-reflecting-five-years"},{"key":"10_CR25","unstructured":"Morales, C.: Netscout arbor confirms 1.7 Tbps DDoS attack; the terabit attack era is upon us. https:\/\/www.netscout.com\/blog\/asert\/netscout-arbor-confirms-17-tbps-ddos-attack-terabit-attack-era"},{"issue":"23","key":"10_CR26","doi-asserted-by":"publisher","first-page":"8071","DOI":"10.3390\/s21238071","volume":"21","author":"M Nivedita","year":"2021","unstructured":"Nivedita, M., et al.: Memcached: an experimental study of DDoS attacks for the wellbeing of IoT applications. Sensors (Basel) 21(23), 8071 (2021)","journal-title":"Sensors (Basel)"},{"key":"10_CR27","unstructured":"Nishtala, R., et al.: Scaling Memcache at Facebook. In: Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2013 (2013)"},{"key":"10_CR28","doi-asserted-by":"crossref","unstructured":"Kumar, S.: Smurf-based distributed denial of service (DDoS) attack amplification. In: Proceedings of the of the Second International Conference on Internet Monitoring and Protection (ICIMP 2007) (2007)","DOI":"10.1109\/ICIMP.2007.42"},{"key":"10_CR29","unstructured":"Farsight Security: Dnsdb. https:\/\/www.dnsdb.info\/"},{"key":"10_CR30","doi-asserted-by":"crossref","unstructured":"Giotsas, V., Smaragdakis, G., Dietzel, C., Richter, P., Feldmann, A., Berger, A.: Inferring BGP blackholing activity in the internet. In: Proceedings of the 2017 Internet Measurement Conference, IMC 2017 (2017)","DOI":"10.1145\/3131365.3131379"},{"issue":"3","key":"10_CR31","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1145\/505659.505664","volume":"31","author":"V Paxson","year":"2001","unstructured":"Paxson, V.: An analysis of using reflectors for distributed denial-of-service attacks. ACM SIGCOMM Comput. Commun. 31(3), 38\u201347 (2001)","journal-title":"ACM SIGCOMM Comput. Commun."},{"key":"10_CR32","unstructured":"Durumeric, Z., Bailey, M., Halderman, J.A.: An internet-wide view of internet-wide scanning. In: Proceedings of the of the 23rd USENIX Security Symposium, USENIX 2014 (2014)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-09484-2_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,24]],"date-time":"2022-06-24T14:04:44Z","timestamp":1656079484000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-09484-2_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031094835","9783031094842"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-09484-2_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"24 June 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Cagliari","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 June 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 July 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sites.unica.it\/dimva2022\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"39","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"10","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"26% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.1","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}