POSTER: How Distributed Are Today's DDoS Attacks?

Today botnets are responsible for most of the DDoS attacks on the Internet. Understanding the characteristics of such DDoS attacks is critical to develop effective DDoS mitigation schemes. In this poster. we present some preliminary findings, mainly concerning the distribution of the attackers, of today's DDoS attacks. Our investigation is based on 50,704 different Internet DDoS attacks collected within a seven-month period for activities across the globe. These attacks were launched by 674 botnet generations from 23 different bonet families with a total of 9026 victim IPs belonging to 1074 organizations that are collectively located in 186 countries. We find that different from the traditional widely distributed intuition, most of these DDoS attacks are not widely distributed as the attackers are mostly from the same region, i.e., highly regionalized. We also find that different botnet families have strong target preferences in the same area as well. These findings refresh our understanding on the modern DDoS attacks.