In recognition of Safer Internet Day on February 11th, DE-CIX, the operator of the world’s largest Internet Exchange (IX), DE-CIX Frankfurt, recently announced that it has published a study in collaboration with an international team of scientists. The project involved researchers from DE-CIX’s internal research team, BENOCS GmbH, Brandenburg Technical University Cottbus-Senftenberg, University of Twente and the Max Planck Institute for Computer Science in Saarbrücken. This study examines the effects of DDoS (Distributed Denial of Service) attacks and the effects of police countermeasures for the first time — and the results are disturbing. 

The case study employed a measurement infrastructure that was designed specifically for the study, measuring DDoS attacks that were purchased from “booter” websites or DDoS service providers to attack the company’s own system. Booter websites enable every Internet user to carry out attacks against known Internet platforms easily, quickly and with very little financial setback. Due to the ease of these attacks, Internet services are increasingly falling victim to DDoS cybercrimes, which disrupt the availability of Internet services and websites. This disruption is caused by using more computer system resources (such as computing power or transmission capacity) than are actually available. Subsequently, corresponding services collapse and are no longer accessible to the public.

The findings of the case study report that any Internet user can carry out cyber attacks for under $20 dollars. 

Interestingly, analysis performed at DE-CIX Frankfurt — the world’s largest Internet node — revealed that DDoS attacks occur at any time of day or night. However, it was also found that only 20 percent of attack traffic goes through the Frankfurt IX, meaning that it could be hypothesized that one observed 311Gbps attack was actually five times as large with an actual traffic rate of 1.555Tbps. With attacks possibly being significantly larger than measurements initially reveal, these attacks can create massive damage financially, reputationally and systemically, putting the company’s existence at risk. It is due to this risk that DE-CIX remains dedicated to conducting further research and understanding how to combat this cybercrime. 

The new research project, which is funded by the German Federal Ministry of Education and Research (BMBF), centers on artificial intelligence technologies and how they may be able to detect DDoS attacks directly at the core of the Internet, at the Internet exchange. The research project, which will run until June 2022, continues with the goal of creating new and effective protective measures. 

The team also researched and analyzed the effects of international police measures against DDoS service providers in December 2018. While it was found that 15 booter websites were removed from the net as part of protection efforts conducted by the FBI and the Dutch police, there was no lasting success in averting this danger.

“We were unable to record a sustained improvement in the security situation with regard to DDoS activities on the Internet as a result of the police countermeasures of December 2018,” noted Dr. Christoph Dietzel, who is responsible for Research and Product Development at DE-CIX. “After about 6 days, the frequency of attacks was already back to the old level of an average of 50 NTP (Network Time Protocol) DDoS attacks per hour – the measures had caused a drop to thirty attacks per hour.” 

Working closely with industrial and academic partners, the DE-CIX Research and Development team is continuing to search for novel technical possibilities and solutions that will further drive innovation in the market segment and the development of a next-generation IX. This also includes public sector projects financed by third-party funds. Currently, the focus is on the detection and containment of DDoS attacks, programmable computer networks (P4/SDN) and the improvement of inter-domain routing.

The complete study can be found here.

The new research project can be found here.

To learn more about DE-CIX, please visit www.de-cix.net.