Introduction

An analysis of attacker aims behind Distributed Denial of Service (DDoS) attacks, aiming to gain insights into the motives behind such attacks. The study constructs a dataset by utilizing Google Alerts on DDoS attacks and applies the proposed model to analyze 27 distinct attack events that occurred in 2016. The analysis reveals several motives underlying DDoS attacks, including economic, socio-cultural, and political reasons. The findings emphasize the importance of a holistic perspective in accurately mapping threats and taking appropriate protective measures against DDoS attacks.

The study identifies mainly six categories of attacks and different motives:

1. Larget manufacturing companies
2. Public figures and ideological groups
3. Governments
4. Gaming and gambling platforms,
5. Internet service providers and hosting service providers
6. Financial institutions.

The analysis shows that economic motives are mainly in selecting, and socio-cultural and political aims are also significant.

Categories of Attacks

Based on target, victims, and attackers, six categories were identified. Here we have discussed each of them.

1. Attacks on large manufacturing companies, such as the attack on Nissan Motors During the Detroit auto show, Nisan Motors’ website went down as it got hit by a cyber attack.
2. Attacks targeting public figures and ideological groups, including attacks on Brian Krebs, Black Lives Matter, and the Ku Klux Klan.
3. Attacks on governments, such as those on the Australian, Irish, and Italian government websites.
4. Attacks on gaming and gambling platforms, including the Irish lottery website and the servers of the game "Pokémon Go."
5. Attacks on internet service providers and hosting service providers, such as the attacks on OVH and Dyn.
6. Attacks on financial institutions, exemplified by the attack on the British HSBC Bank.

Hybrid Model

The study suggests a hybrid model to understand why Distributed Denial of Service (DDoS) attacks happen. This model looks at both the victim and the infrastructure being targeted, considering various aspects like socio-cultural, economic, and political factors for the victim and criteria like value, inertia, visibility, and accessibility for the infrastructure.

Using this model on data from 27 different DDoS attacks in 2016, the study finds that attackers have various motives, not just economic ones. The model helps analyze decisions made by attackers in choosing victims and targets, providing insights into the different reasons behind such attacks. It emphasizes the need for a holistic perspective to accurately assess threats companies face and take the right protective measures.

Factors Influence The Likelihood of An Infrastructure Being Targeted For a DDoS Attack

The chance of a computer system being targeted in a DDoS attack depends on certain factors explained in the document. These factors are grouped under VIVA criteria:

1. Value: This means how important the system is to the victim. For instance, if a company makes a big part of its sales online, its web store is seen as highly valuable.
2. Inertia: This measures how resistant the system is when under attack. Systems with high inertia might have strong defenses against DDoS attacks or can handle intense network traffic well.
3. Visibility: This shows how exposed the system is to potential attackers. Highly visible systems are often public-facing, like websites available to everyone.
4. Accessibility: This refers to how easily attackers can reach the target and escape without getting caught. A system with high accessibility might be a server with easily accessible IP addresses and lacks network monitoring or intrusion detection systems.

Conclusion

It's vital to grasp the many reasons behind DDoS attacks. The suggested hybrid model and recognized factors offer an organized way for organizations to evaluate and improve their defense plans against these ever-changing threats.