Abstract

The Internet has become an important part of our everyday life. We use services like Netflix, Skype, online banking and Scopus daily. We even use the Internet for filing our tax returns and communicating with municipalities. This dependency on network-based technologies gives malicious actors in our society an opportunity to remotely attack IT infrastructure. One type of cyberattack that may lead to unavailability of network resources is known as a distributed denial of service (DDoS) attack. A DDoS attack leverages many computers to launch a coordinated denial of service attack against one or more targets. These attacks cause damage to victim businesses. According to reports published by several consultancies and security companies, these attacks lead to millions of dollars in losses every year. One might ponder: are the damages caused by temporary unavailability of network services really this large? One point of criticism of these reports has been that they often base their findings on victim surveys and expert opinions. Because cost accounting and bookkeeping methods are not focused on measuring the impact of cyber security incidents, it is highly likely that surveys are unable to capture the true impact of an attack. A troubling fact is that most C-level managers make budgetary decisions for security based on the losses reported in these surveys. Several inputs for security investment decision models such as return on security investment (ROSI) also depend on these figures. This makes the situation very similar to the parable of the blind men and the elephant, in which several blind men try to conceptualise what the elephant looks like by touching it. Hence, it is important to develop methodologies that capture the true impact of DDoS attacks. In this thesis, we study the economic impact of DDoS attacks on public/private organisations by using an empirical approach.
In Chapter 1 we explain the motivation for our work and illustrate the problems associated with measuring the economic impacts of DDoS attacks. We then formulate our main research question and break it down into sub-questions that we investigate in later chapters. We state our main research question as follows: What are the economic impacts of DDoS attacks on public/private organisations? Our first contribution is identifying the main stakeholders in a DDoS attack. In Chapter 2, we discuss the evolution of DDoS attacks in the last decade and briefly describe the strategies adopted by attackers and defenders. By studying the business model of a botnet, we also analyse how DDoS attacks can be used by attackers for monetary gains. Our second contribution is to develop methodologies to capture the direct impact of DDoS attacks. In Chapters 3 and 4 we measure the direct consequences of DDoS attacks on large managed domain name service (DNS) providers and a cryptocurrency exchange respectively. We find that a successful DDoS attack on a managed DNS service provider changes the security behaviour of its customers. In the case of the cryptocurrency exchange we find that the losses are recovered very quickly, in most instances even within a single day. We show how longitudinal datasets can be used to assess the impacts. The third contribution of this thesis is to develop methodologies to measure the indirect consequences of DDoS attacks. In Chapter 5, we propose a more robust event study approach and use it to analyse the impact of DDoS attack announcements on victims' stock prices. We find that in most cases this impact is short lived (5-10 days). In Chapter 6, we introduce a dataset based on web articles on DDoS attacks which captures the social context of an attack. We show how machine learning algorithms can be used to filter news articles that are reporting a DDoS attack from the dataset.
We recognise that it is not possible to measure the true impact of DDoS attacks on the victim without learning about the aims of attackers. In Chapter 7, we propose a model based on Routine Activity Theory (RAT) to study attackers' aims by using the information about the attack reported in the news articles. Later, in Chapter 8, we show how postulates of RAT may be used to explain DDoS attack trends on educational institutions. Our results show that DDoS attacks are not a random phenomenon and that attackers are instigated by the circumstances surrounding them. We observe that measuring the true economic impact of these attacks is complex and requires us to consider the context of an attack. Some of the consequences of short-duration IT unavailability are temporary and are recovered rather quickly. Hence, to take this work forward we propose to give economic meaning to the empirical data that is presently available and to collect more data at the employee level to measure the resilience of firms towards IT unavailability.

Highlights

  • We introduce the topic and motivation of this Ph.D. thesis

  • Once we have identified the major stakeholders in a distributed denial of service (DDoS) attack and studied how they are affected, we proceed towards measuring the consequences

  • While much has been said about the impact of especially the Dyn attack, one aspect of these attacks has received far less attention, namely: What is the impact of such an attack on the behaviour of customers of affected managed DNS (MDNS) providers? In this chapter, we study this impact by looking at the Domain Name System (DNS) configuration of domains in a large DNS dataset


Summary

Introduction

We introduce the topic and motivation of this Ph.D. thesis. We describe the main research question and formulate the sub-questions. DDoS attacks require a means to execute, a motive to select the target and an opportunity to attack. In this case, means refers to the attack tools or the technical expertise needed to execute the attack, the aim of the attacker points towards the reason for the attacker to act, and vulnerabilities in the network provide the opportunity for the attack. We end the chapter by discussing how Routine Activity Theory (RAT) can be used to evaluate attacker aims and the impact of victim routines on attack trends.
