If you’re an ACM member, or read ACM transactions on computer systems, or have a corporate membership to the ACM portal, then you really should checkout Inferring Internet denial-of-service activity. It’s a surprisingly simple method of determining how common denial of service attacks really are on the Internet. Like all good ideas, it’s also really obvious once it’s been pointed out.
@article{1132027, author = {David Moore and Colleen Shannon and Douglas J. Brown and Geoffrey M. Voelker and Stefan Savage}, title = {Inferring Internet denial-of-service activity}, journal = {ACM Trans. Comput. Syst.}, volume = {24}, number = {2}, year = {2006}, issn = {0734-2071}, pages = {115--139}, doi = {http://doi.acm.org/10.1145/1132026.1132027}, publisher = {ACM Press}, address = {New York, NY, USA}, }