{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T03:31:52Z","timestamp":1781062312040,"version":"3.54.1"},"reference-count":53,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2024,2,16]],"date-time":"2024-02-16T00:00:00Z","timestamp":1708041600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100006374","name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek","doi-asserted-by":"publisher","award":["CS.007"],"award-info":[{"award-number":["CS.007"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Meas. Anal. Comput. Syst."],"published-print":{"date-parts":[[2024,2,16]]},"abstract":"<jats:p>Distributed Denial-of-Service (DDoS) attacks continue to threaten the availability of Internet-based services. While countermeasures exist to decrease the impact of these attacks, not all operators have the resources or knowledge to deploy them. Alternatively, anti-DDoS services such as DDoS clearing houses and blackholing have emerged. Unwanted Traffic Removal Service (UTRS), being one of the oldest community-based anti-DDoS services, has become a global free collaborative service that aims at mitigating major DDoS attacks through the Border Gateway Protocol (BGP). Once the BGP session with UTRS is established, UTRS members can advertise part of the prefixes belonging to their AS to UTRS. UTRS will forward them to all other participants, who, in turn, should start blocking traffic to the advertised IP addresses. In this paper, we develop and evaluate a methodology to automatically detect UTRS participation in the wild. To this end, we deploy a measurement infrastructure and devise a methodology to detect UTRS-based traffic blocking. Using this methodology, we conducted a longitudinal analysis of UTRS participants over ten weeks. Our results show that at any point in time, there were 562 participants, including multihomed, stub, transit, and IXP ASes. Moreover, we surveyed 245 network operators to understand why they would (not) join UTRS. Results show that threat and coping appraisal significantly influence the intention to participate in UTRS.<\/jats:p>","DOI":"10.1145\/3639029","type":"journal-article","created":{"date-parts":[[2024,2,21]],"date-time":"2024-02-21T17:01:32Z","timestamp":1708534892000},"page":"1-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Who's Got My Back? Measuring the Adoption of an Internet-wide BGP RTBH Service"],"prefix":"10.1145","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0556-1742","authenticated-orcid":false,"given":"Radu","family":"Anghel","sequence":"first","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9116-0728","authenticated-orcid":false,"given":"Yury","family":"Zhauniarovich","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4699-3007","authenticated-orcid":false,"given":"Carlos","family":"Ga\u00f1\u00e1n","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,2,21]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Accessed on 03.04.2021. RIPE Atlas. https:\/\/atlas.ripe.net\/"},{"key":"e_1_2_1_2_1","unstructured":"Accessed on 29.09.2023. CIDR Report. https:\/\/www.cidr-report.org"},{"key":"e_1_2_1_3_1","volume-title":"European Symposium on Research in Computer Security (ESORICS). 23--41","author":"Anghel Radu","year":"2023","unstructured":"Radu Anghel, Swaathi Vetrivel, Elsa Turcios Rodriguez, Kaichi Sameshima, Daisuke Makita, Katsunari Yoshioka, Carlos H. Ga\u00f1\u00e1n, and Yury Zhauniarovich. 2023. Peering into the Darkness: The Use of UTRS in Combating DDoS Attacks. In European Symposium on Research in Computer Security (ESORICS). 23--41."},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1080\/02642060802253850"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/E2EMON.2007.375313"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.11.001"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2012.52"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3213232.3213234"},{"key":"e_1_2_1_9_1","unstructured":"CAIDA. [n. d.]. ASRank. Retrieved 05.05.2022 from https:\/\/asrank.caida.org\/"},{"key":"e_1_2_1_10_1","unstructured":"CAIDA. 2015. AS Classification. Retrieved 25.04.2022 from https:\/\/www.caida.org\/data\/as-classification\/"},{"key":"e_1_2_1_11_1","volume-title":"2009 42nd Hawaii International Conference on System Sciences. IEEE, 1--10","author":"Chenoweth Tim","year":"2009","unstructured":"Tim Chenoweth, Robert Minch, and Tom Gattiker. 2009. Application of protection motivation theory to adoption of protective technologies. In 2009 42nd Hawaii International Conference on System Sciences. IEEE, 1--10."},{"key":"e_1_2_1_12_1","volume-title":"My current thoughts on coefficient alpha and successor procedures. Educational and psychological measurement 64, 3","author":"Cronbach Lee J","year":"2004","unstructured":"Lee J Cronbach and Richard J Shavelson. 2004. My current thoughts on coefficient alpha and successor procedures. Educational and psychological measurement 64, 3 (2004), 391--418."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3281411.3281413"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1080\/01449290410001715723"},{"key":"e_1_2_1_15_1","volume-title":"ACM SIGSAC Conference on Computer and Communications Security (CCS '15)","author":"Durumeric Zakir","unstructured":"Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman. 2015. A Search Engine Backed by Internet-Wide Scanning. In ACM SIGSAC Conference on Computer and Communications Security (CCS '15). 542--553."},{"key":"e_1_2_1_16_1","volume-title":"ZMap: Fast Internet-wide Scanning and Its Security Applications. In 22nd USENIX Security Symposium (USENIX Security 13)","author":"Durumeric Zakir","unstructured":"Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. 2013. ZMap: Fast Internet-wide Scanning and Its Security Applications. In 22nd USENIX Security Symposium (USENIX Security 13). 605--620. https:\/\/www.usenix.org\/conference\/ usenixsecurity13\/technical-sessions\/paper\/durumeric"},{"key":"e_1_2_1_17_1","volume-title":"Selecting Representative IP Addresses for Internet Topology Studies. In ACM SIGCOMM Conference on Internet Measurement (IMC '10)","author":"Fan Xun","year":"2010","unstructured":"Xun Fan and John Heidemann. 2010. Selecting Representative IP Addresses for Internet Topology Studies. In ACM SIGCOMM Conference on Internet Measurement (IMC '10). 411--423."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3131365.3131379"},{"key":"e_1_2_1_19_1","volume-title":"Consumer motivations in taking action against spyware: an empirical investigation. Information Management & Computer Security","author":"Gurung Anil","year":"2009","unstructured":"Anil Gurung, Xin Luo, and Qinyu Liao. 2009. Consumer motivations in taking action against spyware: an empirical investigation. Information Management & Computer Security (2009)."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3462766.3462770"},{"key":"e_1_2_1_21_1","unstructured":"Arman Noroozian Hadi Asghari. 2014. PyPI - pyasn. Retrieved 26.04.2022 from https:\/\/pypi.org\/project\/pyasn\/"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1207\/s15506878jobem4704_5"},{"key":"e_1_2_1_23_1","doi-asserted-by":"crossref","unstructured":"C Hopps. 2000. RFC992: Analysis of an equal-cost multi-path algorithm.","DOI":"10.17487\/rfc2992"},{"key":"e_1_2_1_24_1","volume-title":"Cutoff criteria for fit indexes in covariance structure analysis: Conventional criteria versus new alternatives. Structural equation modeling: a multidisciplinary journal 6, 1","author":"Bentler Hu","year":"1999","unstructured":"Li-tze Hu and Peter M Bentler. 1999. Cutoff criteria for fit indexes in covariance structure analysis: Conventional criteria versus new alternatives. Structural equation modeling: a multidisciplinary journal 6, 1 (1999), 1--55."},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.23919\/CNSM.2017.8255991"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-72582-2_17"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26362-5_28"},{"key":"e_1_2_1_28_1","unstructured":"John Kristoff. 2015. An Internet-wide BGP RTBH Service. Technical Report. https:\/\/www.iab.org\/wp-content\/IABuploads\/ 2015\/04\/CARIS_2015_submission_20.pdf"},{"key":"e_1_2_1_29_1","unstructured":"Linux Kernel. [n. d.]. Linux Kernel Networking Documentation - sysctl. https:\/\/www.kernel.org\/doc\/Documentation\/ networking\/ip-sysctl.txt"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833701"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC5575"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1080\/07421222.2017.1394083"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355593"},{"key":"e_1_2_1_34_1","unstructured":"PeeringDB. 2004. The Interconnection Database. Retrieved 25.04.2022 from https:\/\/www.peeringdb.com\/"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1086\/209405"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2015.7249285"},{"key":"e_1_2_1_37_1","doi-asserted-by":"crossref","unstructured":"Yakov Rekhter Susan Hares and Tony Li. 2006. A Border Gateway Protocol 4 (BGP-4). RFC 4271. https:\/\/doi.org\/10. 17487\/RFC4271","DOI":"10.17487\/rfc4271"},{"key":"e_1_2_1_38_1","unstructured":"Ronald W Rogers and Steven Prentice-Dunn. 1997. Protection motivation theory. (1997)."},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(17)30059-4"},{"key":"e_1_2_1_40_1","unstructured":"Team Cymru. [n. d.]. Unwanted Traffic Removal Service. Retrieved 26.02.2023 from https:\/\/www.team-cymru.com\/ ddos-mitigation-services"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2016.02.009"},{"key":"e_1_2_1_42_1","volume-title":"Computer Security","author":"Tselios Christos","unstructured":"Christos Tselios, George Tsolis, and Manos Athanatos. 2019. A Comprehensive Technical Survey of Contemporary Cybersecurity Products and Solutions. In Computer Security. Springer, 3--18."},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-02744-5_34"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","unstructured":"Doughan Turk. 2004. Configuring BGP to Block Denial-of-Service Attacks. RFC 3882. https:\/\/doi.org\/10.17487\/RFC3882","DOI":"10.17487\/RFC3882"},{"key":"e_1_2_1_45_1","unstructured":"University of Oregon. [n. d.]. Route Views Project. Retrieved 25.04.2022 from http:\/\/www.routeviews.org\/"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2017.17"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2011.1"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","unstructured":"Curtis Villamizar Ravi Chandra and Dr. Ramesh Govindan. 1998. BGP Route Flap Damping. RFC 2439. https: \/\/doi.org\/10.17487\/RFC2439","DOI":"10.17487\/RFC2439"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3485385"},{"key":"e_1_2_1_50_1","unstructured":"Matthias Wichtlhuber Christoph Dietzel and Thomas King. 2018. Computer-implemented procedure to defend against or mitigate DDoS attacks on IT infrastructures. https:\/\/patents.google.com\/patent\/DE102018130588B4\/en"},{"key":"e_1_2_1_51_1","volume-title":"Security lapses and the omission of information security measures: A threat control model and empirical test. Computers in human behavior 24, 6","author":"Workman Michael","year":"2008","unstructured":"Michael Workman, William H Bommer, and Detmar Straub. 2008. Security lapses and the omission of information security measures: A threat control model and empirical test. Computers in human behavior 24, 6 (2008), 2799--2816."},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/NETSOFT.2019.8806653"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3487552.3487853"}],"container-title":["Proceedings of the ACM on Measurement and Analysis of Computing Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3639029","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3639029","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T01:38:56Z","timestamp":1755913136000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3639029"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,2,16]]},"references-count":53,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2024,2,16]]}},"alternative-id":["10.1145\/3639029"],"URL":"https:\/\/doi.org\/10.1145\/3639029","relation":{},"ISSN":["2476-1249"],"issn-type":[{"value":"2476-1249","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,2,16]]},"assertion":[{"value":"2024-02-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}