Pulse-Wave DDoS Cyber Attacks: Daniel Kopp Presents New Measurement Study at ITC36 in Trondheim
In June 2025, Daniel Kopp presented our Internet Measurements paper titled "DDoS on Repeat: Measuring Pulse-Wave DDoS in the Wild" at the 36th International Teletraffic Congress (ITC 36) in Trondheim, Norway, hosted by the Norwegian University of Science and Technology (NTNU). The conference marked the 70th anniversary of the ITC, the oldest and most established venue for research in networking science and practice, originally founded in 1955 by Arne Jensen.
Daniel's paper investigates the pulse-wave DDoS attack pattern, a phenomenon known in practice but rarely quantified in academic studies. By analyzing flow-level traffic data collected over four months at a major Internet Exchange Point (IXP), the study identifies more than 10,000 DDoS attacks, with 27% exhibiting pulse-wave characteristics.
Pulse-wave DDoS attacks are characterized by alternating bursts of intense traffic followed by quiet periods, making them harder to detect and mitigate using traditional approaches. This paper not only quantifies the prevalence of such attacks for the first time, but also provides methodological insight into identifying them from large-scale traffic traces.
The findings highlight that pulse-wave DDoS is no longer a fringe tactic, but a mainstream strategy among attackers, demanding renewed attention from the research community and operators alike.
We congratulate Daniel on his presentation at this historic edition of ITC and his continued contributions to advancing the security and resilience of the Internet infrastructure.