{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:22:01Z","timestamp":1766442121712,"version":"3.48.0"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","funder":[{"name":"the National Key Research and Development Program of China","award":["No. 2023YFB3105600"],"award-info":[{"award-number":["No. 2023YFB3105600"]}]},{"name":"the National Natural Science Foundation of China","award":["62102218"],"award-info":[{"award-number":["62102218"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3744878","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:33:16Z","timestamp":1763854396000},"page":"4559-4573","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Exploring and Analyzing Cross Layer DoS Attack Against UDP-based Services on Linux"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-4663-7334","authenticated-orcid":false,"given":"Dashuai","family":"Wu","sequence":"first","affiliation":[{"name":"Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0878-7656","authenticated-orcid":false,"given":"Yunyi","family":"Zhang","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China and National University of Defense Technology, Changsha, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9032-8063","authenticated-orcid":false,"given":"Baojun","family":"Liu","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7388-1329","authenticated-orcid":false,"given":"Xiang","family":"Li","sequence":"additional","affiliation":[{"name":"Nankai Univeristy, Tianjin, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-1189-0164","authenticated-orcid":false,"given":"Eihal","family":"Alowaisheq","sequence":"additional","affiliation":[{"name":"King Saud University, Riyadh, Saudi Arabia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0083-733X","authenticated-orcid":false,"given":"Haixin","family":"Duan","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Akamai. 2024. State of the Internet Reports. https:\/\/www.akamai.com\/security-research\/the-state-of-the-internet."},{"key":"e_1_3_2_1_2_1","unstructured":"Bill Toulas. 2023a. New 'HinataBot' Botnet Could Launch Massive 3.3 Tbps DDoS Attacks. https:\/\/www.bleepingcomputer.com\/news\/security\/new-hinatabot-botnet-could-launch-massive-33-tbps-ddos-attacks\/."},{"key":"e_1_3_2_1_3_1","unstructured":"Bill Toulas. 2023b. New 'HTTP \/2 Rapid Reset ' Zero-Day Attack Breaks DDoS Records. https:\/\/www.bleepingcomputer.com\/news\/security\/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records\/."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","unstructured":"Robert T. Braden. 1989. Requirements for Internet Hosts - Communication Layers. RFC 1122. https:\/\/doi.org\/10.17487\/RFC1122","DOI":"10.17487\/RFC1122"},{"key":"e_1_3_2_1_5_1","unstructured":"CAIDA. 2025. State of IP Spoofing . https:\/\/spoofer.caida.org\/summary.php."},{"key":"e_1_3_2_1_6_1","first-page":"1581","volume-title":"27th USENIX Security Symposium (USENIX Security, 18)","author":"Chen Weiteng","year":"2018","unstructured":"Weiteng Chen and Zhiyun Qian. 2018. vphantomOff-Path, vphantom vphantomTCP, vphantom Exploit: How Wireless Routers Can Jeopardize Your Secrets. In 27th USENIX Security Symposium (USENIX Security, 18). 1581-1598."},{"key":"e_1_3_2_1_7_1","unstructured":"Cloudflare. 2024. DDoS threat report for 2024 Q2. https:\/\/blog.cloudflare.com\/ddos-threat-report-for-2024-q2\/."},{"key":"e_1_3_2_1_8_1","unstructured":"Cloudflare. 2025. What Is a Distributed Denial-of-Service (DDoS) Attack? https:\/\/www.cloudflare.com\/learning\/ddos\/what-is-a-ddos-attack\/."},{"key":"e_1_3_2_1_9_1","unstructured":"Amir Dahan. 2021. Business as Usual for Azure Customers despite 2.4 Tbps DDoS Attack. https:\/\/azure.microsoft.com\/en-us\/blog\/business-as-usual-for-azure-customers-despite-24-tbps-ddos-attack\/."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3485832.3485917"},{"key":"e_1_3_2_1_11_1","volume-title":"DNS flag day","author":"DNS-ORAC.","year":"2020","unstructured":"DNS-ORAC. 2020. DNS flag day 2020. https:\/\/dns-violations.github.io\/dnsflagday\/2020\/."},{"key":"e_1_3_2_1_12_1","first-page":"5769","volume-title":"33rd USENIX Security Symposium (USENIX Security, 24)","author":"Duan Huayi","year":"2024","unstructured":"Huayi Duan, Marco Bearzi, Jodok Vieli, David Basin, Adrian Perrig, Si Liu, and Bernhard Tellenbach. 2024. vphantomCAMP, vphantom: Compositional Amplification Attacks, against vphantomDNS, vphantom. In 33rd USENIX Security Symposium (USENIX Security, 24). 5769-5786."},{"key":"e_1_3_2_1_13_1","volume-title":"22nd USENIX Security Symposium.","author":"Durumeric Zakir","year":"2013","unstructured":"Zakir Durumeric, Eric Wustrow, and J Alex Halderman. 2013. ZMap: Fast Internet-wide scanning and its security applications. In 22nd USENIX Security Symposium."},{"key":"e_1_3_2_1_14_1","unstructured":"Dyn. 2016. DDoS Attack Against Dyn Managed DNS . https:\/\/www.dynstatus.com\/incidents\/nlr4yrr162t8."},{"key":"e_1_3_2_1_15_1","unstructured":"Emil Kiner and Tim April. 2023. Google Cloud Mitigated Largest DDoS Attack Peaking above 398 Million Rps. https:\/\/cloud.google.com\/blog\/products\/identity-security\/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417884"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179441"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","unstructured":"Mukesh Gupta and Alex Conta. 2006. Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification. RFC 4443. https:\/\/doi.org\/10.17487\/RFC4443","DOI":"10.17487\/RFC4443"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3670389"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","unstructured":"Erin Kenneally and David Dittrich. 2012. The Menlo Report : Ethical Principles Guiding Information and Communication Technology Research . https:\/\/doi.org\/10.2139\/ssrn.2445102 showeprint[social science research network]2445102","DOI":"10.2139\/ssrn.2445102"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00054"},{"key":"e_1_3_2_1_22_1","unstructured":"Qrator Labs. 2023. Q2 2023 DDoS Attacks Statistics and Overview ."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23386"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN48063.2020.00022"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00264"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00172"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484737"},{"key":"e_1_3_2_1_28_1","first-page":"5717","volume-title":"33rd USENIX Security Symposium (USENIX Security, 24)","author":"Lin Ziyu","year":"2024","unstructured":"Ziyu Lin, Zhiwei Lin, Ximeng Liu, Jianjun Chen, Run Guo, Cheng Chen, and Shaodong Xiao. 2024. vphantomCDN, vphantom Cannon, : Exploiting, vphantomCDN, vphantom vphantomBack-to-Origin, vphantom Strategies, for Amplification Attacks. In 33rd USENIX Security Symposium (USENIX Security, 24). 5717-5734."},{"key":"e_1_3_2_1_29_1","unstructured":"Linux kernel netdev mailing list. 2019. Kernel UDP Behavior with Missing Destinations. https:\/\/www.spinics.net\/lists\/netdev\/msg570519.html."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3486219"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2018.09.001"},{"key":"e_1_3_2_1_32_1","unstructured":"Microsoft Q&A. 2024. Is It Possible to Enable ARP Spoofing in Azure Virtual Networks? https:\/\/learn.microsoft.com\/en-us\/answers\/questions\/1522014\/is-it-possible-to-enable-arp-spoofing-in-azure-vir."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417247"},{"key":"e_1_3_2_1_34_1","volume-title":"The 10 Leading Cloud Service Providers, of","author":"Nayak Subhendu","year":"2024","unstructured":"Subhendu Nayak. 2024. The 10 Leading Cloud Service Providers, of 2024. https:\/\/www.cloudoptimo.com\/blog\/the-10-leading-cloud-service-providers-of-2024\/."},{"key":"e_1_3_2_1_35_1","unstructured":"Netscout. 2025. What Is a Slow Post DDoS Attack ? https:\/\/www.netscout.com\/what-is-ddos\/slow-post-attacks."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354215"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2023.3257413"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2896816"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","unstructured":"D. Plummer. 1982. An Ethernet Address Resolution Protocol: Or Converting Network Protocol Addresses to 48.bit Ethernet Address for Transmission on Ethernet Hardware. RFC 826. https:\/\/doi.org\/10.17487\/RFC0826","DOI":"10.17487\/RFC0826"},{"key":"e_1_3_2_1_40_1","unstructured":"Teri Radichel. 2024. Why One of Your Favorite Pen Testing Techniques Doesn't Work on AWS ."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","unstructured":"Rosalea Roberts Geoff Huston and Dr. Thomas Narten. 2011. IPv6 Address Assignment to End Sites. RFC 6177. https:\/\/doi.org\/10.17487\/RFC6177","DOI":"10.17487\/RFC6177"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","unstructured":"William A. Simpson Dr. Thomas Narten Erik Nordmark and Hesham Soliman. 2007. Neighbor Discovery for IP version 6 (IPv6). RFC 4861. https:\/\/doi.org\/10.17487\/RFC4861","DOI":"10.17487\/RFC4861"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00032"},{"key":"e_1_3_2_1_44_1","unstructured":"Strace. 2025. Strace. https:\/\/strace.io\/."},{"key":"e_1_3_2_1_45_1","unstructured":"Traceroute. 2025. Traceroute for Linux. https:\/\/traceroute.sourceforge.net\/."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3485372"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3616668"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3487552.3487853"}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Taipei Taiwan","acronym":"CCS '25"},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3744878","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:18:00Z","timestamp":1766441880000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3744878"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":48,"alternative-id":["10.1145\/3719027.3744878","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3744878","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}