As an increasing number of applications and services are being made available over networks such as the Internet, an increasing number of content, application, and/or service providers are turning to technologies such as cloud computing. Cloud computing, in general, is an approach to providing access to electronic resources through services, such as Web services, where the hardware and/or software used to provide those services is dynamically scalable to meet the needs of the services at any given time. A user or customer often will rent, lease, or otherwise pay for access to resources provided in a service provider's system, and thus does not have to purchase and maintain the underlying hardware and/or software.
Such service provider systems may be affected by distributed denial-of-service (DDoS) attacks. A DDoS attack occurs when multiple systems overwhelm the bandwidth or resources of a targeted system, which often is a web server that implements a website or provides data for other applications. Such attacks can be the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. Service provider systems may be victims of DDoS attacks due to hosting resources—such as a website—that is a target of a DDoS attack.
Additionally, service provider systems may inadvertently enable or assist DDoS attacks by providing resources such as virtual machines or bandwidth that are involved in a DDoS attack. For example, a virtual machine that is implemented by a service provider system for a user may be compromised via malware and act as a traffic source for a DDoS attack. Moreover, malicious actors may be able to quickly launch a potentially large number of virtual machines within a service provider system—which may possibly be geographically distributed and have access to a large amount of network bandwidth—and direct those virtual machines to implement, in whole or in part, a DDoS attack against one or more target systems.