In my days in industry, I used to deal with the occasional DDOS. I was even woken up by them. Our Network Management System would think something was down, I’d get paged, and discover it was a DDOS. Luckily, it was usually over by the time I woke up. I’d just be annoyed by the interruption of my sleep.
And DDOS continues today. It’s not a new thing, it’s an ongoing thing. It’s a big research topic too.
There are quite a few different kinds of DDOS attacks. There’s the SYN flood, the redirect, the ICMP flood, the UDP flood, the… application layer, the… I could go on. People actually write posts about this, and this post isn’t about the different kinds.
This post is about researching DDOS instead. And warning, I’m making some of this up.
Suppose a researcher comes up with a new DDOS type. We’ll call it UDPUnicorn. It’s a dangerous attack and incredibly difficult to defend if you’re the victim of the Unicorn, especially if there’s more than one coming after you. One Unicorn is bad, a thousand Unicorn instances will shut you down completely. So clearly this is something worth researching, right? Defend the Unicorn! Figure out that defense!
…Except… in the original paper, to make a Unicorn happen you need specialized hardware and software. Really specialized hardware. Like expensive hardware that’s difficult to find and install and that’s rarely put on the Internet. So hard to find that only one Unicorn attack has ever been recorded and that was by the original researcher when the attack got outside the lab by accident. (Accidents happen!)
But it’s a cool topic so researchers want to defend against this horrendous attack! It’s terrible! It’s horrible… it’s cool.
Except on the practical side, I’m more concerned about stopping those typical DDOS attacks. This weird attack that most likely isn’t going to happen isn’t even on my radar.
Researching this attack is fun, but not practical. DTRAP was created to help us find practical results that would help industry. A practitioner would ask a researcher ‘how do I stop these DDOS attacks I’m seeing right now!’ not ‘this random thing which is nearly impossible to happen, make it stop’.
We want practical solutions relevant to attacks and dangers seen by industry. The readers of your research should be able to take that research and turn it into practice. Keep that in mind when you write for DTRAP.