In a network like the Internet, resources (e.g., pages of a website) may be requested by legitimate and malicious systems and persons alike. A distributed denial of service (DDoS) attack is an attempt to make resources of a network unavailable to legitimate users. A DDoS attack often involves multiple computers acting together to prevent a targeted website or service from functioning properly by having a group of multiple computers repeatedly request network resources of the website or service. This group of multiple computers is often referred to as a bot or botnet. A result of these repeated requests can be that a website or service has difficulty responding to legitimate requests due to an exhaustion of resources of a website's ability to serve content, and thus the website or service is effectively unavailable to legitimate users.
Generating and distributing reports of DDoS attacks for subscribers to gain certain insights can be an involved process. Existing reporting structures do not work in real-time and therefore do not provide subscribers the ability to make decisions on-the-fly that may help them mitigate imminent attacks. For example, sophisticated attackers can change locations and IP addresses between attacks, and therefore it can be less effective to block a “bad” IP address weeks or months after an attack.
Embodiments of the invention address these and other problems, individually and collectively.