Title :
Performance and economies of ‘bot-less’ application-layer DDoS attacks
Author :
Vlajic, Natalija ; Slopek, Armin
Author_Institution :
Dept. of Electr. Eng. & Comput. Sci., York Univ., Toronto, ON, Canada
Abstract :
An interesting new trend pertaining to application-layer DDoS is the so-called ‘bot-less’ attack execution, in which - instead of a network of compromised computers (i.e., a network of bots/zombies) - the browsers of legitimate/non-infected computers are manipulated into generating the attack traffic. In this paper, we give an overview of two different forms of ‘bot-less’ application-layer DDoS attacks - one conducted by means of the so-called puppetnets, and the other by means of spam email with Web-bugs (as recently evaluated in our study [1]). In particular, we take the perspective of a potential DDoS attacker, and discuss the major pros and cons of each of these alternative attack approaches from the point of view of their performance, as well as from the point of view of their cost. We clearly identify scenarios when the use of ‘bot-less’ DDoS attack mechanisms may be preferred over the use of botnets. To the best of our knowledge, this paper is the first one to offer a comprehensive look at different application-layer DDoS execution mechanisms and bring attention to a potentially growing problem of ‘bot-less’ DDoS attacks.
Keywords :
Web sites; computer network security; telecommunication traffic; unsolicited e-mail; Web-bugs; attack traffic; bot-less application-layer DDoS attacks; bot-less attack execution; puppetnets; spam email; Browsers; Computer crime; Computer hacking; Computers; Electronic mail; Internet; Servers; DDoS; botnet; cost model; puppetnet; spam email; web-bugs;
Conference_Title :
Internet Technology and Secured Transactions (ICITST), 2014 9th International Conference for
Conference_Location :
London
DOI :
10.1109/ICITST.2014.7038828