1: \begin{abstract}

2: 

3: Motivated by the impressive but diffuse scope of DDoS research and reporting,

4: we undertake a multistakeholder (joint industry-academic)

5: analysis to seek convergence across the best available

6: macroscopic views of the relative trends in two dominant classes

7: of attacks – direct-path attacks and reflection-amplification attacks.

8: We first analyze 24 industry reports to extract trends and (in)consistencies

9: across observations by commercial stakeholders in 2022.

10: 	We then analyze ten data sets spanning industry and academic sources,

11: across four years (2019-2023), to find and explain discrepancies based on data

12: sources, vantage points, methods, and parameters.  

13: Our method includes a new approach:  we share an aggregated list of

14: DDoS targets with industry players who return the results of joining

15: this list with their proprietary data sources to reveal gaps in visibility

16: of the academic data sources.  We use academic data sources to explore

17: an industry-reported relative drop in spoofed reflection-amplification

18: attacks in 2021-2022.  Our study illustrates the value, but also

19: the challenge, in independent validation of security-related 

20: properties of Internet infrastructure. 

21: Finally, we reflect on opportunities to facilitate greater

22: common understanding of the DDoS landscape.

23: We hope our results inform not only future

24: academic and industry pursuits but also emerging policy efforts

25: to reduce systemic Internet security vulnerabilities.

26: 

27: 

28: 

29: 

30: 

31: \end{abstract}

32: