DDos Attacks Trends Defense 2013-2015

DDoS Attacks Over the Last Three Years: Emerging Trends and Defensive Approaches

Info: Example Statistical Analysis
Published: 30th September 2025 in Example Statistical Analysis

Share this:

Facebook
Twitter
Whatsapp
Linkedin

Related Services

Our academic writing and marking services can help you

Qualitative Statistical Analysis

The data shows DDoS attacks have become a major threat which can cause service disruptions for organizations. The number of DDoS attacks together with their frequency and bandwidth have shown continuous growth according to the Spamhaus attack example. The Spamhaus attack from 2013 became the biggest DDoS attack recorded at that time. The attack size remained unknown to the organization, but it successfully overwhelmed their connection and disabled their website for an extended duration. The attack used DNS reflection techniques to perform a layer 3 attack which became known as the largest DDoS attack in 2013. The DNS reflection attack method has become the leading cause of layer 3 DDoS attacks which now reach beyond 100 Gbps in size. The attack demonstrated that DNS reflection attacks depend on open DNS resolvers for their operation and the attack size will increase until organizations start implementing effective solutions to block these attacks. The attackers used open DNS resolvers to send DNS zone file requests for ripe.net during the Spamhaus attack. The open resolvers provided DNS zone file responses which produced 75 Gbps of attack traffic while each response contained 3,000 bytes that resulted in a 100x amplification effect. The attackers used 30,000 different DNS resolvers to execute their attack. The average amount of traffic each open DNS resolver transmitted during the attack reached 2.5 Mbps which remained below the detection threshold of most DNS resolvers.
The attackers used open DNS resolvers to send DNS zone file requests for ripe.net during this specific attack. The open resolvers combined to produce 75 Gbps of attack traffic through their DNS zone file response answers. The requests measured 36 bytes in length (dig ANY ripe.net @X.X.X.X +edns=0 +bufsize=4096) while the responses reached 3,000 bytes which resulted in a 100x amplification effect. The attack involved 30,000 different DNS resolvers which participated in the assault. The average transmission rate of open DNS resolvers reached 2.5 Mbps which remained below the detection threshold of most DNS resolvers. The attackers used DNS amplification techniques through their control of multiple servers and small botnets during this attack. The attack became more powerful because of two main factors: the absence of ingress filtering and the numerous open DNS resolvers available on the internet.
The analysis revealed that gaming websites became the primary targets for cyberattacks during 2014. League of Legends and Minecraft together with multiple other gaming websites received targeted attacks during this period. The attackers employed NTP amplification as their method to launch the assault which resulted in 100 Gbps traffic flooding on gaming servers. The preceding months saw NTP become the primary method which attackers used to launch their attacks.
The software and technology sector experienced the majority of DDoS attacks during 2015 because five major attacks exceeded 100 Gbps. The fourth quarter of 2014 saw 17 prominent attacks but 2015 recorded only five attacks which exceeded 100 Gbps. The largest DDoS attack during this period reached 309 Gbps which exceeded the 149 Gbps maximum from the third quarter of 2015. The DNS reflection attack method used in this incident mirrored the Spamhaus attack. The attackers used UDP fragmentation as an additional attack method.
The first two DDoS attack tools which appeared in use were Trinoo and Stacheldraht before they evolved into new versions. The deployment of new tools such as LOIC, HOIC, Slowloris, hping, RUDY, #RefRef and botnets occurred after the initial tools Trinoo and Stacheldraht. The DNS amplification tool became the primary weapon during the 2013 Spamhaus attack. The most common DDoS attack tools used in 2014 consisted of SYN flood attacks and NTP amplification. The attack tools used in 2015 included DNS reflection and UDP fragments together with SYN floods.

Get Expert Analysis on DDoS Attack Trends and Defense Strategies

The research team at PhD Assistance delivers detailed statistical data about DDoS attack patterns which includes DNS reflection and UDP flood methods. The team at PhD Assistance delivers complete information about attack techniques and tools and protective methods which align with your research requirements.

Contact us now to receive personalized assistance which will elevate your research work.

Share this:

Facebook
Twitter
Whatsapp
Linkedin

Cite this work

Study Resources

Free resources to assist you with your university studies!

This will close in 0 seconds