Brij B. Gupta,Anshuman Singh

DOI: https://doi.org/10.4018/ijswis.297143

2022-01-01

Abstract:The demand for Internet security has escalated in the last two decades because the rapid proliferation in the number of Internet users has presented attackers with new detrimental opportunities. One of the simple yet powerful attack, lurking around the Internet today, is the Distributed Denial-of-Service (DDoS) attack. The expeditious surge in the collaborative environments, like IoT, cloud computing and SDN, have provided attackers with countless new avenues to benefit from the distributed nature of DDoS attacks. The attackers protect their anonymity by infecting distributed devices and utilizing them to create a bot army to constitute a large-scale attack. Thus, the development of an effective as well as efficient DDoS defense mechanism becomes an immediate goal. In this exposition, we present a DDoS threat analysis along with a few novel ground-breaking defense mechanisms proposed by various researchers for numerous domains. Further, we talk about popular performance metrics that evaluate the defense schemes. In the end, we list prevalent DDoS attack tools and open challenges.

Computer Science,Engineering

Rajat Tandon

DOI: https://doi.org/10.48550/arXiv.2008.01345

2020-08-04

Abstract:A distributed denial-of-service (DDoS) attack is an attack wherein multiple compromised computer systems flood the bandwidth and/or resources of a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource. The flood of incoming messages, connection requests or malformed packets to the target system forces it to slow down or even crash and shut down, thereby denying service to legitimate users or systems. This paper presents a literature review of DDoS attacks and the common defense mechanisms available. It also presents a literature review of the defenses for low-rate DDoS attacks that have not been handled effectively hitherto.

Cryptography and Security

B. B. Gupta,R. C. Joshi,Manoj Misra

DOI: https://doi.org/10.1080/19393550903317070

2009-11-06

Information Security Journal: A Global Perspective

Abstract:Distributed Denial of Service (DDoS) attacks on user machines, organizations, and infrastructures of the Internet have become highly publicized incidents and call for immediate solution. It is a complex and difficult problem characterized by an explicit attempt of the attackers to prevent access to resources by legitimate users for which they have authorization. Several schemes have been proposed on how to defend against these attacks, yet the problem still lacks a complete solution. The main purpose of this paper is therefore twofold. First is to present a comprehensive study of a wide range of DDoS attacks and defense methods proposed to combat them. This provides better understanding of the problem, current solution space, and future research scope to defend against DDoS attacks. Second is to propose an integrated solution for completely defending against flooding DDoS attacks at the Internet Service Provider (ISP) level.

Saman Taghavi Zargar,James Joshi,David Tipper

DOI: https://doi.org/10.1109/surv.2013.031413.00127

2013-01-01

Abstract:Distributed Denial of Service (DDoS) flooding attacks are one of the biggest concerns for security professionals. DDoS flooding attacks are typically explicit attempts to disrupt legitimate users' access to services. Attackers usually gain access to a large number of computers by exploiting their vulnerabilities to set up attack armies (i.e., Botnets). Once an attack army has been set up, an attacker can invoke a coordinated, large-scale attack against one or more targets. Developing a comprehensive defense mechanism against identified and anticipated DDoS flooding attacks is a desired goal of the intrusion detection and prevention research community. However, the development of such a mechanism requires a comprehensive understanding of the problem and the techniques that have been used thus far in preventing, detecting, and responding to various DDoS flooding attacks. In this paper, we explore the scope of the DDoS flooding attack problem and attempts to combat it. We categorize the DDoS flooding attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS flooding attacks. Moreover, we highlight the need for a comprehensive distributed and collaborative defense approach. Our primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack.

computer science, information systems,telecommunications

R. Karthikeyani,E. Karthikeyan

DOI: https://doi.org/10.9734/ajrcos/2023/v16i4378

2023-10-13

Asian Journal of Research in Computer Science

Abstract:Today’s world, technology has become an inevitable part of human life. In fact, during the Covid-19 pandemic, everything from the corporate world to educational institutions has shifted from offline to online. It leads to exponential increase in intrusions and attacks over the internet-based technologies. Distributed denial of service (DDOS) attack is one of the most dangerous attack that could cause devastating effects on the internet. These attacks are becoming more complex and expected to expand in number day after day, rendering detecting and combating these threats challenging. In network security this attack is very dangerous. The main aim of DDOS attack is to collapse the network or server with abnormal traffic to make server unavailable for the legitimate users. In this paper reviews various type of DDOS attacks, Symptoms of DDOS attack, role of botnet on DDOS attack and give some mitigation and prevention technique for DDOS attack.

B. B. Gupta,R. C. Joshi,Manoj Misra

DOI: https://doi.org/10.48550/arXiv.1208.3557

2012-08-17

Abstract:The significance of the DDoS problem and the increased occurrence, sophistication and strength of attacks has led to the dawn of numerous prevention mechanisms. Each proposed prevention mechanism has some unique advantages and disadvantages over the others. In this paper, we present a classification of available mechanisms that are proposed in literature on preventing Internet services from possible DDoS attacks and discuss the strengths and weaknesses of each mechanism. This provides better understanding of the problem and enables a security administrator to effectively equip his arsenal with proper prevention mechanisms for fighting against DDoS threat.

Cryptography and Security

徐恪,徐明伟,吴建平

DOI: https://doi.org/10.3969/j.issn.1000-1220.2004.03.005

2004-01-01

Abstract:Distributed denial-of-service attack (DDoS) brings a very serious threat to the stability of the Internet. In a typical DDoS attack, a large number of compromised hosts are amassed to send useless packets to jam the CPU or Internet connection of victim. In the last two years, it is discovered that DDoS attack methods and tools are becoming more sophisticated, effective, and also more difficult to trace to the real attackers. On the defense side, current technologies are still unable to withstand large-scale attacks. In this paper, we first describe various DDoS attack methods, and then present a discussion and review of current defense mechanisms such as IP traceback. Then we emphasis discuss a long-term solution, the Internet firewall approach, that attempts to intercept attack packets in the Internet core, well before reaching the victim.

Brij B. Gupta,Amrita Dahiya,Chivesh Upneja,Aditi Garg,Ruby Choudhary

DOI: https://doi.org/10.4018/978-1-7998-2242-4.ch010

2020-01-01

Abstract:DDoS attack always takes advantage of structure of Internet and imbalance of resources between defender and attacker. DDoS attacks are driven by factors like interdependency of Internet's security, limited resources, fewer incentives for home users and local ISPs, flexibility of handlers to control multiple compromised systems at the same time, untraceable nature of malicious packets and unfair distribution of resources all over the Internet. This survey chapter gives a comprehensive view on DDoS attacks and its defense mechanisms. Defense mechanisms are categorized according to the deployment position and nature of defense. Comprehensive study of DDoS attacks will definitely help researchers to understand the important issues related to cyber security.

Muhammad Aamir,Mustafa Ali Zaidi

DOI: https://doi.org/10.48550/arXiv.1401.6317

2014-03-22

Abstract:Distributed Denial of Service (DDoS) attacks exhaust victim's bandwidth or services. Traditional architecture of Internet is vulnerable to DDoS attacks and an ongoing cycle of attack & defense is observed. In this paper, different types and techniques of DDoS attacks and their countermeasures are reviewed. The significance of this paper is the coverage of many aspects of countering DDoS attacks including new research on the topic. We survey different papers describing methods of defense against DDoS attacks based on entropy variations, traffic anomaly parameters, neural networks, device level defense, botnet flux identifications and application layer DDoS defense. We also discuss some traditional methods of defense such as traceback and packet filtering techniques so that readers can identify major differences between traditional and current techniques of defense against DDoS attacks. Before the discussion on countermeasures, we mention different attack types under DDoS with traditional and advanced schemes while some information on DDoS trends in the year 2012 Quarter-1 is also provided. We identify that application layer DDoS attacks possess the ability to produce greater impact on the victim as they are driven by legitimate-like traffic making it quite difficult to identify and distinguish from legitimate requests. The need of improved defense against such attacks is therefore more demanding in research. The study conducted in this paper can be helpful for readers and researchers to recognize better techniques of defense in current times against DDoS attacks and contribute with more research on the topic in the light of future challenges identified in this paper.

Cryptography and Security

Tao Peng,Christopher Leckie,Kotagiri Ramamohanarao

DOI: https://doi.org/10.1145/1216370.1216373

IF: 16.6

2007-01-01

ACM Computing Surveys

Abstract:This article presents a survey of denial of service attacks and the methods that have been proposed for defense against these attacks. In this survey, we analyze the design decisions in the Internet that have created the potential for denial of service attacks. We review the state-of-art mechanisms for defending against denial of service attacks, compare the strengths and weaknesses of each proposal, and discuss potential countermeasures against each defense mechanism. We conclude by highlighting opportunities for an integrated solution to solve the problem of distributed denial of service attacks.

Ankit Kumar Jain,Hariom Shukla,Diksha Goel

DOI: https://doi.org/10.1007/s10586-024-04596-z

2024-06-23

Cluster Computing

Abstract:Software Defined Networking (SDN) has become increasingly prevalent in cloud computing, Internet of Things (IoT), and various environments to optimize network efficiency. While it provides a flexible network infrastructure, it also faces security threats, particularly from Distributed Denial of Service (DDoS) attacks due to its centralized design. This survey comprehensively reviews the efforts of various researchers in safeguarding SDN against DDoS attacks and analyzes different detection and mitigation strategies employed in SDN environments. Furthermore, the survey explores various types of DDoS attacks that can occur across different planes and communication links in SDN. Additionally, emerging security measures for preventing DDoS attacks in SDN are examined. The survey also reviews the datasets, tools, and simulators used for detecting DDoS attacks in SDN. Moreover, the survey identifies various open challenges in detecting and mitigating DDoS attacks in SDN and outlines potential future research directions. Lastly, the survey provides a comprehensive comparative analysis of various DDoS detection techniques based on various essential parameters.

computer science, information systems, theory & methods

Bruno L. Dalmazo,Jonatas A. Marques,Lucas R. Costa,Michel S. Bonfim,Ranyelson N. Carvalho,Anderson S. Silva,Stenio Fernandes,Jacir L. Bordim,Eduardo Alchieri,Alberto Schaeffer‐Filho,Luciano Paschoal Gaspary,Weverton Cordeiro

DOI: https://doi.org/10.1002/nem.2163

2021-05-24

International Journal of Network Management

Abstract:<p>Design flaws and vulnerabilities inherent to network protocols, devices, and services make Distributed Denial of Service (DDoS) a persisting threat in the cyberspace, despite decades of research efforts in the area. The historical vertical integration of traditional IP networks limited the solution space, forcing researchers to tweak network protocols while maintaining global compatibility and proper service to legitimate flows. The advent of Software-Defined Networking (SDN) and advances in Programmable Data Planes (PDP) changed the state of affairs and brought novel possibilities to deal with such attacks. In summary, the ability of bringing together network intelligence to a control plane, and offloading flow processing tasks to the forwarding plane, opened up interesting opportunities for network security researchers unlike ever. In this article, we dive into recent research that relies on SDN and PDP to detect, mitigate, and prevent DDoS attacks. Our literature review takes into account the SDN layered view as defined in RFC7426 and focuses on the data, control, and application planes. We follow a systematic methodology to capture related articles and organize them into a taxonomy of DDoS defense mechanisms focusing on three facets: <i>activity level</i>, <i>deployment location</i>, and <i>cooperation degree</i>. From the analysis of existing work, we also highlight key research gaps that may foster future research in the field.</p>

computer science, information systems,telecommunications

Iman Sharafaldin,Arash Habibi Lashkari,Saqib Hakak,Ali A. Ghorbani

DOI: https://doi.org/10.1109/ccst.2019.8888419

2019-10-01

Abstract:Distributed Denial of Service (DDoS) attack is a menace to network security that aims at exhausting the target networks with malicious traffic. Although many statistical methods have been designed for DDoS attack detection, designing a real-time detector with low computational overhead is still one of the main concerns. On the other hand, the evaluation of new detection algorithms and techniques heavily relies on the existence of well-designed datasets. In this paper, first, we review the existing datasets comprehensively and propose a new taxonomy for DDoS attacks. Secondly, we generate a new dataset, namely CICDDoS2019, which remedies all current shortcomings. Thirdly, using the generated dataset, we propose a new detection and family classificaiton approach based on a set of network flow features. Finally, we provide the most important feature sets to detect different types of DDoS attacks with their corresponding weights.

Eric Osterweil,Angelos Stavrou,Lixia Zhang

DOI: https://doi.org/10.48550/arXiv.1904.02739

2019-04-04

Networking and Internet Architecture

Abstract:Botnet Distributed Denial of Service (DDoS) attacks are now 20 years old; what has changed in that time? Their disruptive presence, their volume, distribution across the globe, and the relative ease of launching them have all been trending in favor of attackers. Our increases in network capacity and our architectural design principles are making our online world richer, but are favoring attackers at least as much as Internet services. The DDoS mitigation techniques have been evolving but they are losing ground to the increasing sophistication and diversification of the attacks that have moved from the network to the application level, and we are operationally falling behind attackers. It is time to ask fundamental questions: are there core design issues in our network architecture that fundamentally enable DDoS attacks? How can our network infrastructure be enhanced to address the principles that enable the DDoS problem? How can we incentivize the development and deployment of the necessary changes? In this article, we want to sound an alarm and issue a call to action to the research community. We propose that basic research and principled analyses are badly needed, because the status quo does not paint a pretty picture for the future.

Mohammad Najafimehr,Sajjad Zarifzadeh,Seyedakbar Mostafavi

DOI: https://doi.org/10.1002/eng2.12697

2023-05-31

Engineering Reports

Abstract:This review paper discusses the Distributed Denial of Service (DDoS) attacks, the machine learning‐based detection methods of these attacks and the existing challenges. Some of the most commonly used public datasets are also compared, and their strengths and shortcomings are discussed. Distributed denial of service (DDoS) attacks represent a significant cybersecurity challenge, posing a critical risk to computer networks. Developing an effective defense mechanism against these attacks is crucial but challenging, given their diverse attack types, network and computing platform heterogeneity, and complex communication protocols. Moreover, the emergence of innovative DDoS attack methods presents a formidable threat to existing countermeasures. Various machine learning techniques have shown promise in detecting DDoS attacks with low false‐positive rates and high detection rates. This survey paper offers a comprehensive taxonomy of machine learning‐based methods for detecting DDoS attacks, reviewing supervised, unsupervised, hybrid approaches, and analyzing the related challenges. Further, we explore relevant datasets, highlighting their strengths and limitations, and propose future research directions to address the current gaps in this domain. This paper aims to provide a profound understanding of DDoS attack detection mechanisms, aiding researchers, and practitioners in developing effective cybersecurity approaches against such attacks. This research is essential because DDoS attacks are diverse and pose a formidable threat to computer networks, and various machine learning techniques have shown promise in detecting them. Its implications include providing insights that can inform the development of robust defense mechanisms against DDoS attacks.

Yinghao Su,Dapeng Xiong,Kechang Qian,Yu Wang

DOI: https://doi.org/10.3390/electronics13040807

IF: 2.9

2024-02-20

Electronics

Abstract:The widespread adoption of software-defined networking (SDN) technology has brought revolutionary changes to network control and management. Compared to traditional networks, SDN enhances security by separating the control plane from the data plane and replacing the traditional network architecture with a more flexible one. However, due to its inherent architectural flaws, SDN still faces new security threats. This paper expounds on the architecture and security of SDN, analyzes the vulnerabilities of SDN architecture, and introduces common distributed denial of service (DDoS) attacks within the SDN architecture. This article also provides a review of the relevant literature on DDoS attack detection and mitigation in the current SDN environment based on the technologies used, including statistical analysis, machine learning, policy-based, and moving target defense techniques. The advantages and disadvantages of these technologies, in terms of deployment difficulty, accuracy, and other factors, are analyzed. Finally, this study summarizes the SDN experimental environment and DDoS attack traffic generators and datasets of the reviewed literature and the limitations of current defense methods and suggests potential future research directions.

engineering, electrical & electronic,computer science, information systems,physics, applied

Qing Li,He Huang,Ruoyu Li,Jianhui Lv,Zhenhui Yuan,Lianbo Ma,Yi Han,Yong Jiang

DOI: https://doi.org/10.1016/j.comnet.2023.109895

IF: 5.493

2023-01-01

Computer Networks

Abstract:In the past ten years, the source of DDoS has migrated to botnets composed of IoT devices. The scale of DDoS attacks increases dramatically with the number of IoT devices.New variants of DDoS attacks using different system vulnerabilities emerge in an endless stream. In response to this situation, researchers have made significant contributions to the field of DDoS defense by applying modern programmable network technology and network-level resource scheduling management technology. However, the existing review articles need more research on these technologies. After investigating the development trend of DDoS attacks in recent years and the new challenges caused by them, this paper classifies the new technologies that have emerged in the field of DDoS defense in the past ten years. Among them, the collaboration between domains and inter-domain resource scheduling is one of the critical challenges in designing a large-scale distributed DDoS cooperative defense system. In addition, modern programmable network technology has dramatically expanded network systems' functional diversity and deployment flexibility. We will discuss building a defense system based on programmable networks and focus on SOTA defense solutions based on programmable switches. Finally, developing DDoS defense mechanisms with broad-spectrum detection capabilities, robustness against adversarial attacks, and cost-effective and collaborative DDoS defense mechanisms for establishing the Internet are future research directions in network security.

XU Xiaoqiong,YU Hongfang,YANG Kun

DOI: https://doi.org/10.3969/j.issn.1673-5188.2017.03.003

2019-01-01

Abstract:Distributed Denial of Service（DDoS） attacks have been one of the most destructive threats to Internet security. By decoupling the network control and data plane, software defined networking（SDN） offers a flexible network management paradigm to solve DDoS attack in traditional networks. However, the centralized nature of SDN is also a potential vulnerability for DDo S attack. In this paper, we first provide some SDN-supported mechanisms against DDoS attack in traditional networks. A systematic review of various SDN-self DDo S threats are then presented as well as the existing literatures on quickly DDoS detection and defense in SDN. Finally, some promising research directions in this field are introduced.

FuiFui Wong,Cheng Xiang Tan

DOI: https://doi.org/10.5121/ijnsa.2014.6305

2014-01-01

Abstract:Distributed Denial of Service (DDoS) attacks today have been amplified into gigabits volume with broadband Internet access; at the same time, the use of more powerful botnets and common DDoS mitigation and protection solutions implemented in small and large organizations’ networks and servers are no longer effective. Our survey provides an in-depth study on the current largest DNS reflection attack with more than 300 Gbps on Spamhaus.org. We have reviewed and analysed the current most popular DDoS attack types that are launched by the hacktivists. Lastly, effective cloud-based DDoS mitigation and protection techniques proposed by both academic researchers and large commercial cloud-based DDoS service providers are discussed.

Shibo Luo,Jun Wu,Jianhua Li,Bei Pei

DOI: https://doi.org/10.1109/FCST.2015.11

2015-01-01

Abstract:Distributed Denial of Service (DDoS) attack is a major threat to Internet based killer applications, such as independent news web sites, e-business and online games. Detecting and blocking such clever attacks has become difficult. Software-Defined Networks (SDN) has emerged as a future communication network architecture which decouples network control and forwarding. It has some particular features such as central control and programmability to combat against DDoS attack. In this paper, we survey DDoS attacks and existing defense mechanisms, and draw a conclusion of the needs of defense mechanism for successful combating against DDoS. Then, we analyze the particular features of SDN and conclude it is conducive to countermeasure DDoS attack. According the analysis, we construct a defense mechanism for DDoS in SDN. At last, we illustrate how this mechanism could combat against DDoS attacks through a working example.