If you’re an ACM member, or read ACM transactions on computer systems, or have a corporate membership to the ACM portal, then you really should checkout Inferring Internet denial-of-service activity. It’s a surprisingly simple method of determining how common denial of service attacks really are on the Internet. Like all good ideas, it’s also really obvious once it’s been pointed out.
@article{1132027,
author = {David Moore and Colleen Shannon and Douglas J. Brown and Geoffrey M. Voelker and Stefan Savage},
title = {Inferring Internet denial-of-service activity},
journal = {ACM Trans. Comput. Syst.},
volume = {24},
number = {2},
year = {2006},
issn = {0734-2071},
pages = {115--139},
doi = {http://doi.acm.org/10.1145/1132026.1132027},
publisher = {ACM Press},
address = {New York, NY, USA},
}