Modern DDoS Threats and Countermeasures: Insights into Emerging Attacks and Detection Strategies
Jincheng Wang, Le Yu, John C. S. Lui, Xiapu Luo
TL;DR
This survey analyzes the evolving landscape of DDoS threats, emphasizing the shift from traditional volumetric floods to attacks that exploit diverse protocols and emerging systems. It synthesizes a comprehensive taxonomy of attacks and presents a multi-faceted view of modern detection approaches, including behavior-, statistics-, learning-, adversarial-, and IoT botnet-based methods, while highlighting the potential of in-network detection using SDN and programmable switches. The paper identifies three open questions: vulnerability discovery in new protocols/systems, principled design of attack-agnostic detectors, and defense mechanisms that do not rely on control planes. It also discusses the role of advanced hardware in enabling line-rate detection and coordinated, cross-domain defense, arguing for privacy-preserving data sharing and robust, adaptable detection frameworks with practical deployment considerations. Overall, the work offers a roadmap for integrating protocol-aware vulnerability analysis with scalable, hardware-assisted detection to counter the evolving DDoS threat landscape.
Abstract
Distributed Denial of Service (DDoS) attacks persist as significant threats to online services and infrastructure, evolving rapidly in sophistication and eluding traditional detection mechanisms. This evolution demands a comprehensive examination of current trends in DDoS attacks and the efficacy of modern detection strategies. This paper offers a comprehensive survey of emerging DDoS attacks and detection strategies over the past decade. We delve into the diversification of attack targets, extending beyond conventional web services to include newer network protocols and systems, and the adoption of advanced adversarial tactics. Additionally, we review current detection techniques, highlighting essential features that modern systems must integrate to effectively neutralize these evolving threats. Given the technological demands of contemporary network systems, such as high-volume and in-line packet processing capabilities, we also explore how innovative hardware technologies like programmable switches can significantly enhance the development and deployment of robust DDoS detection systems. We conclude by identifying open problems and proposing future directions for DDoS research. In particular, our survey sheds light on the investigation of DDoS attack surfaces for emerging systems, protocols, and adversarial strategies. Moreover, we outline critical open questions in the development of effective detection systems, e.g., the creation of defense mechanisms independent of control planes.
