{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,25]],"date-time":"2026-04-25T08:30:13Z","timestamp":1777105813441,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":67,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,12]],"date-time":"2021-11-12T00:00:00Z","timestamp":1636675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100016882","name":"European Resuscitation Council","doi-asserted-by":"publisher","award":["ResolutioNet (ERC-StG-679158)"],"award-info":[{"award-number":["ResolutioNet (ERC-StG-679158)"]}],"id":[{"id":"10.13039\/100016882","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Federal Ministry of Education and Research of Germany (BMBF)","award":["5G-INSEL 16KIS0691 and AIDOS 16KIS0975K + 16KIS0976, and BIFOLD 01IS18025A and 01IS18037A"],"award-info":[{"award-number":["5G-INSEL 16KIS0691 and AIDOS 16KIS0975K + 16KIS0976, and BIFOLD 01IS18025A and 01IS18037A"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3485385","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:34Z","timestamp":1636805134000},"page":"970-987","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":51,"title":["United We Stand: Collaborative Detection and Mitigation of Amplification DDoS Attacks at Scale"],"prefix":"10.1145","author":[{"given":"Daniel","family":"Wagner","sequence":"first","affiliation":[{"name":"DE-CIX & Max Planck Institute for Informatics, Cologne, Germany"}]},{"given":"Daniel","family":"Kopp","sequence":"additional","affiliation":[{"name":"DE-CIX, Cologne, Germany"}]},{"given":"Matthias","family":"Wichtlhuber","sequence":"additional","affiliation":[{"name":"DE-CIX, Cologne, Germany"}]},{"given":"Christoph","family":"Dietzel","sequence":"additional","affiliation":[{"name":"DE-CIX & Max Planck Institute for Informatics, Cologne, Germany"}]},{"given":"Oliver","family":"Hohlfeld","sequence":"additional","affiliation":[{"name":"Brandenburg University of Technology, Cottbus, Germany"}]},{"given":"Georgios","family":"Smaragdakis","sequence":"additional","affiliation":[{"name":"TU Delft, Delft, Netherlands"}]},{"given":"Anja","family":"Feldmann","sequence":"additional","affiliation":[{"name":"Max Planck Institute for Informatics, Saarbr\u00fccken, Germany"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"The General Data Protection Regulation (GDPR)","year":"2016","unstructured":"2016. Data protection in the EU, The General Data Protection Regulation (GDPR); Regulation (EU) 2016\/679. https:\/\/ec.europa.eu\/info\/law\/law-topic\/data-protection\/."},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"crossref","unstructured":"B. Ager N. Chatzis A. Feldmann N. Sarrar S. Uhlig and W. Willinger. 2012. Anatomy of a Large European IXP. In ACM SIGCOMM.","DOI":"10.1145\/2342356.2342393"},{"key":"e_1_3_2_2_3_1","unstructured":"Akamai. 2018. State of the Internet Security Report (Attack Spotlight: Memcached). https:\/\/www.akamai.com\/us\/en\/multimedia\/documents\/state-of-theinternet\/soti-summer-2018-attack-spotlight.pdf ."},{"key":"e_1_3_2_2_4_1","unstructured":"Akamai. 2021. Akamai Security Solutions. https:\/\/www.akamai.com\/solutions\/security"},{"key":"e_1_3_2_2_5_1","unstructured":"Akamai. 2021. Prolexic Technologies by Akamai. https:\/\/www.akamai.com\/us\/en\/products\/security\/prolexic-solutions.jsp."},{"key":"e_1_3_2_2_6_1","unstructured":"Amazon. 2020. AWS Shield Threat Landscape Report. https:\/\/aws-shield-tlr.s3.amazonaws.com\/2020-Q1_AWS_Shield_TLR.pdf"},{"key":"e_1_3_2_2_7_1","unstructured":"M. Antonakakis T. April M. Bailey M. Bernhard E. Bursztein J. Cochran Z. Durumeric J. A. Halderman L. Invernizzi M. Kallitsis D. Kumar C. Lever Z. Ma J. Mason D. Menscher C. Seaman N. Sullivan K. Thomas and Y. Zhou. 2017. Understanding the Mirai Botnet. In USENIX Security."},{"key":"e_1_3_2_2_8_1","volume-title":"APRICOT","author":"Labovitz C.","year":"2019","unstructured":"C. Labovitz. 2019. Internet Traffic 2009--2019. APRICOT 2019."},{"key":"e_1_3_2_2_9_1","unstructured":"K. Carriello. 2017. Arm Yourself Against DDoS Attacks: Using BGP Flow Specification for Advanced Mitigation Architectures. http:\/\/forum.ix.br\/files\/apresentacao\/."},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"crossref","unstructured":"O. \u00c7etin C. Ga\u00f1\u00e1n L. Altena T. Kasama D. Inoue K. Tamiya Y. Tie K. Yoshioka and M. van Eeten. 2019. Cleaning Up the Internet of Evil Things: Real-World Evidence on ISP and Consumer Efforts to Remove Mirai. In NDSS.","DOI":"10.14722\/ndss.2019.23438"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"crossref","unstructured":"N. Chatzis G. Smaragdakis A. Feldmann and W. Willinger. 2013. There is More to IXPs than Meets the Eye. ACM CCR 45 5 (2013).","DOI":"10.1145\/2541468.2541473"},{"key":"e_1_3_2_2_12_1","unstructured":"CISCO. 2005. Remotely Triggered Black Hole Filtering - Destination Based and Source Based. Cisco White Paper http:\/\/www.cisco.com\/c\/dam\/en_us\/about\/security\/intelligence\/blackhole.pdf ."},{"key":"e_1_3_2_2_13_1","unstructured":"B. Claise B. Trammell and P. Aitken. 2013. RFC 7011: Specification of the IPFIX Protocol for the Exchange of Flow Information."},{"key":"e_1_3_2_2_14_1","unstructured":"CloudFlare. 2021. CloudFlare Comprehensive DDoS Protection. https:\/\/www.cloudflare.com\/ddos\/"},{"key":"e_1_3_2_2_15_1","unstructured":"Cloudflare. 2021. DDoS attack trends for 2021 Q1. Cloudflare. https:\/\/blog.cloudflare.com\/ddos-attack-trends-for-2021-q1\/"},{"key":"e_1_3_2_2_16_1","unstructured":"B. Collier D. R. Thomas R. Clayton and A. Hutchings. 201. Booting the booters: Evaluating the effects of police interventions. In ACM IMC."},{"key":"e_1_3_2_2_17_1","unstructured":"E. Cooke F. Jahanian and D. McPherson. 2005. The Zombie Roundup: Understanding Detecting and Disrupting Botnets. In USENIX Sruti."},{"key":"e_1_3_2_2_18_1","volume-title":"Pound Gorilla: The Rise and Decline of NTP DDoS Attacks. In ACM IMC.","author":"Czyz J.","year":"2014","unstructured":"J. Czyz, M. Kallitsis, M. Gharaibeh, C. Papadopoulos, M. Bailey, and M. Karir. 2014. Taming the 800 Pound Gorilla: The Rise and Decline of NTP DDoS Attacks. In ACM IMC."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"crossref","unstructured":"C. Dietzel A. Feldmann and T. King. 2016. Blackholing at IXPs: On the Effectiveness of DDoS Mitigation in the Wild. In PAM.","DOI":"10.1007\/978-3-319-30505-9_24"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3281411.3281413"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"crossref","unstructured":"Z. Durumeric D. Adrian A. Mirian M. Bailey and J. A. Halderman. 2015. A Search Engine Backed by Internet-Wide Scanning. In CCS.","DOI":"10.1145\/2810103.2813703"},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3465212"},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"crossref","unstructured":"J. Freudiger E. De Cristofaro and A. Brito. 2015. Controlled Data Sharing for Collaborative Predictive Blacklisting. In DIMVA.","DOI":"10.1007\/978-3-319-20550-2_17"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2015.116"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"crossref","unstructured":"V. Giotsas G. Smaragdakis C. Dietzel P. Richter A. Feldmann and A. Berger. 2017. Inferring BGP Blackholing Activity in the Internet. In ACM IMC.","DOI":"10.1145\/3131365.3131379"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"crossref","unstructured":"D. Gong M. Tran S. Shinde H. Jin V. Sekar P. Saxena and M. S. Kang. 2019. Practical Verifiable In-network Filtering for DDoS Defense. In IEEE ICDCS.","DOI":"10.1109\/ICDCS.2019.00118"},{"key":"e_1_3_2_2_27_1","unstructured":"Google. 2020. Exponential growth in DDoS attack volumes. www.cloud.google.com\/blog\/products\/identity-security\/identifying-and-protecting-against-the-largest-ddos-attacks"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"crossref","unstructured":"H. Griffioen K. Oosthoek P. van der Knaap and C. Doerr. 2021. Scan Test Execute: Adversarial Tactics in Amplification DDoS Attacks. In ACM CCS.","DOI":"10.1145\/3460120.3484747"},{"key":"e_1_3_2_2_29_1","unstructured":"MANRS initiative. 2021. Mutually Agreed Norms for Routing Security. https:\/\/www.manrs.org\/."},{"key":"e_1_3_2_2_30_1","unstructured":"L. Jakober. 2020. Akamai mitigates sophisticated 1.44 Tbps and 385 Mpps DDoS Attack. Akamai Blog https:\/\/blogs.akamai.com\/2020\/06\/akamai-mitigates- sophisticated-144-tbps-and-385-mpps-ddos-attack.html."},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"crossref","unstructured":"M. Jonker A. King J. Krupp C. Rossow A. Sperotto and A. Dainotti. 2017. Millions of targets under attack: a macroscopic characterization of the DoS ecosystem. In ACM IMC.","DOI":"10.1145\/3131365.3131383"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"crossref","unstructured":"M. Jonker and A. Sperotto. 2017. Measuring Exposure in DDoS Protection Services. In IEEE Network and Service Management.","DOI":"10.23919\/CNSM.2017.8255991"},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"crossref","unstructured":"M. Jonker A. Sperotto R. van Rijswijk-Deij R. Sadre and A. Pras. 2016. Measuring the Adoption of DDoS Protection Services. In ACM IMC.","DOI":"10.1145\/2987443.2987487"},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"crossref","unstructured":"M. Karami Y. Park and D. McCoy. 2016. Stress Testing the Booters: Understanding and Undermining the Business of DDoS Services. In WWW.","DOI":"10.1145\/2872427.2883004"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"crossref","unstructured":"S. Katti B. Krishnamurthy and D. Katabi. 2005. Collaborating against common enemies. In ACM IMC.","DOI":"10.1145\/1330107.1330151"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"crossref","unstructured":"D. Kopp C. Dietzel and O. Hohlfeld. 2021. DDoS Never Dies? An IXP Perspective on DDoS Amplification Attacks. In PAM.","DOI":"10.1007\/978-3-030-72582-2_17"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"crossref","unstructured":"D. Kopp J. Santanna M. Wichtlhuber O. Hohlfeld I. Poese and C. Dietzel. 2019. DDoS Hide & Seek: On the Effectiveness of a Booter Services Takedown. In ACM IMC.","DOI":"10.1145\/3355369.3355590"},{"key":"e_1_3_2_2_38_1","unstructured":"M. K\u00fchrer T. Hupperich C. Rossow and T. Holz. 2014. Exit from hell? Reducing the impact of amplification DDoS attacks. In USENIX Security."},{"key":"e_1_3_2_2_39_1","unstructured":"C. Labovitz. 2021. Tracing Volumetric DDoS to its Booter \/ IPHM Origins. NANOG 82."},{"key":"e_1_3_2_2_40_1","unstructured":"Rapid7 Labs. 2021. Project Sonar. https:\/\/opendata.rapid7.com\/"},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"crossref","unstructured":"F. G. M\u00e1rmol and G. P\u00e9rez. 2009. Security Threats Scenarios in Trust and Reputation Models for Distributed Systems. Elsevier Computer Security 28 7 (2009).","DOI":"10.1016\/j.cose.2009.05.005"},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"crossref","unstructured":"L. Melis G. Danezis and E. De Cristofaro. 2016. Efficient Private Statistics with Succinct Sketches. In NDSS.","DOI":"10.14722\/ndss.2016.23175"},{"key":"e_1_3_2_2_43_1","volume-title":"Cristofaro","author":"Melis L.","year":"2018","unstructured":"L. Melis, A. Pyrgelis, and E. De. Cristofaro. 2018. On Collaborative Predictive Blacklisting. ACM CCR 48, 5 (2018)."},{"key":"e_1_3_2_2_44_1","volume-title":"NETSCOUT Arbor Confirms 1.7 Tbps DDoS Attack","author":"Morales C.","unstructured":"C. Morales. 2018. NETSCOUT Arbor Confirms 1.7 Tbps DDoS Attack; The Terabit Attack Era Is Upon Us. https:\/\/www.netscout.com\/blog\/asert\/netscout-arbor-confirms-17-tbps-ddos-attack-terabit-attack-era."},{"key":"e_1_3_2_2_45_1","unstructured":"No more DDoS Coallition consortium. 2021. National Anti-DDoS-coalition. https:\/\/www.nomoreddos.org\/en\/."},{"key":"e_1_3_2_2_46_1","unstructured":"A. Mortensen T. Reddy and R. Moskowitz. 2009. DDoS Open Threat Signaling (DOTS) Requirements. IETF RFC 8612."},{"key":"e_1_3_2_2_47_1","unstructured":"NETSCOUT. 2021. Arbor DDoS Protection. https:\/\/www.netscout.com\/ddos-protection"},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"crossref","unstructured":"G. Nomikos V. Kotronis P. Sermpezis P. Gigis L. Manassakis C. Dietzel S. Konstantaras X. Dimitropoulos and V. Giotsas. 2018. O Peer Where Art Thou? Uncovering Remote Peering Interconnections at IXPs. In ACM IMC.","DOI":"10.1145\/3278532.3278556"},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2020.2993330"},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2020.2983711"},{"key":"e_1_3_2_2_51_1","volume-title":"Phasing: Private Set Intersection Using Permutation-based Hashing. In USENIX Security Symposium.","author":"Pinkas B.","unstructured":"B. Pinkas, T. Schneider, G. Segev, and M. Zohner. 2015. Phasing: Private Set Intersection Using Permutation-based Hashing. In USENIX Security Symposium."},{"key":"e_1_3_2_2_52_1","unstructured":"RADb. 2021. RADb: The Internet Routing Registry. https:\/\/www.radb.net."},{"key":"e_1_3_2_2_53_1","doi-asserted-by":"crossref","unstructured":"S. Ramanathan A. Hossain J. Mirkovic M. Yu and S. Afroz. 2020. Quantifying the Impact of Blocklisting in the Age of Address. In ACM IMC.","DOI":"10.1145\/3419394.3423657"},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"crossref","unstructured":"S. Ramanathan J. Mirkovic M. Yu and Y. Zhang. 2018. SENSS Against Volumetric DDoS Attacks. In ACSAC.","DOI":"10.1145\/3274694.3274717"},{"key":"e_1_3_2_2_55_1","volume-title":"Peerings: On the Role of IXP Route Servers. In ACM IMC.","author":"Richter P.","year":"2014","unstructured":"P. Richter, G. Smaragdakis, A. Feldmann, N. Chatzis, J. Boettger, and W. Willinger. 2014. Peering at Peerings: On the Role of IXP Route Servers. In ACM IMC."},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"crossref","unstructured":"B. Rodrigues T. Bocek A. Lareida D. Hausheer S. Rafati and B. Stiller. 2017. A Blockchain-Based Architecture for Collaborative DDoS Mitigation with Smart Contracts. In AIMS.","DOI":"10.1007\/978-3-319-60774-0_2"},{"key":"e_1_3_2_2_57_1","volume-title":"Amplification Hell: Revisiting Network Protocols for DDoS Abuse. In NDSS.","author":"Rossow C.","year":"2014","unstructured":"C. Rossow. 2014. Amplification Hell: Revisiting Network Protocols for DDoS Abuse. In NDSS."},{"key":"e_1_3_2_2_58_1","unstructured":"J. Ryburn. 2015. DDoS Mitigation Using BGP Flowspec. NANOG 63."},{"key":"e_1_3_2_2_59_1","volume-title":"LADS: Large-scale Automated DDoS detection System. In USENIX Security.","author":"Sekar V.","year":"2006","unstructured":"V. Sekar, N. Duffield, O. Spatscheck, K. van der Merwe, and H. Zhang. 2006. LADS: Large-scale Automated DDoS detection System. In USENIX Security."},{"key":"e_1_3_2_2_60_1","unstructured":"D. R. Simon S. Agarwal and D. A. Maltz. 2007. AS-Based Accountability as a Cost-effective DDoS Defense. In HotBots."},{"key":"e_1_3_2_2_61_1","unstructured":"Z. M. Smith E. Lostri and J. A. Lewis. 2020. The Hidden Costs of Cyber-crime. McAfee https:\/\/www.mcafee.com\/enterprise\/en-us\/assets\/reports\/rp-hidden-costs-of-cybercrime.pdf ."},{"key":"e_1_3_2_2_62_1","unstructured":"K. Subramani R. Perdisci and M. Konte. 2020. IXmon: Detecting and Analyzing DRDoS Attacks at Internet Exchange Points. CoRR abs\/2006.12555."},{"key":"e_1_3_2_2_63_1","doi-asserted-by":"crossref","unstructured":"T. Vissers T. Van Goethem W. Joosen and N. Nikiforakis. 2015. Maneuvering around clouds: Bypassing cloud-based security providers. In ACM CCS.","DOI":"10.1145\/2810103.2813633"},{"key":"e_1_3_2_2_64_1","doi-asserted-by":"crossref","unstructured":"A. Welzel C. Rossow and H. Bos. 2014. On measuring the impact of DDoS botnets. In EuroSec.","DOI":"10.1145\/2592791.2592794"},{"key":"e_1_3_2_2_65_1","doi-asserted-by":"crossref","unstructured":"M. Wichtlhuber S. B\u00fccker R. Kluge M. Mousavi and D. Hausheer. 2016. Of Strategies and Structures: Motif-based Fingerprinting Analysis of Online Reputation Networks. In IEEE LCN.","DOI":"10.1109\/LCN.2016.76"},{"key":"e_1_3_2_2_66_1","volume-title":"Poseidon: Mitigating volumetric ddos attacks with programmable switches. In NDSS.","author":"Zhang M.","year":"2020","unstructured":"M. Zhang, G. Li, S. Wang, C. Liu, A. Chen, H. Hu, G. Gu, Q. Li, M. Xu, and J. Wu. 2020. Poseidon: Mitigating volumetric ddos attacks with programmable switches. In NDSS."},{"key":"e_1_3_2_2_67_1","unstructured":"Z. Zhao H. Sadok N. Atre J.C. How V. Sekar and J. Sherry. 2020. Achieving 100Gbps Intrusion Prevention on a Single Server. In USENIX OSDI."}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3485385","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3485385","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:47:47Z","timestamp":1763498867000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3485385"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":67,"alternative-id":["10.1145\/3460120.3485385","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3485385","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}