Impact-based optimisation of BGP Flowspec rules for DDoS attack mitigation
Bakker, D.R. (2019)
Distributed Denial of Service (DDoS) attacks aim to take Internet services offline, and their frequency and scale are increasing. BGP Flowspec (RFC 5575) defines a protocol to rapidly deploy rules consisting of filters and actions on Internet traffic, and related research shows its potential for DDoS attack mitigation. The protocol allows for taking action on large volumes of traffic, but impact on end-users is imminent because of its low granularity in rule specification. In this paper, we provide a method for quantifying the end-user impact of BGP Flowspec rules, including a practical solution to deploy rules into the network. The goal of this research is to reduce end-user impact while mitigating an ongoing DDoS attack using BGP Flowspec.