A Survey on DDoS Attack and Defense Strategies: From Traditional Schemes to Current Techniques

Distributed Denial of Service (DDoS) attacks exhaust a victim's bandwidth or services. The traditional architecture of the Internet is vulnerable to DDoS attacks, and an ongoing cycle of attack and defense is observed. A Prolexic Technologies attack report for the first quarter of 2013 records a 1.75 percent increase in the total number of DDoS attacks compared with the last quarter of the previous year. In this paper, different types and techniques of DDoS attacks and their countermeasures are surveyed. The significance of this paper is its coverage of many aspects of countering DDoS attacks, including new research on the topic. We survey papers describing methods of defense against DDoS attacks based on entropy variations, traffic anomaly parameters, neural networks, device-level defense, botnet flux identification, application layer DDoS defense, and countermeasures in wireless networks, CCN and cloud computing environments. We also discuss some traditional methods of defense, such as traceback and packet filtering techniques, so that readers can identify the major differences between traditional and current techniques of defense against DDoS attacks. We identify that application layer DDoS attacks can have a greater impact on the victim because they are driven by legitimate-like traffic, which makes them quite difficult to identify and distinguish from legitimate requests. The need for improved defense against such attacks is therefore more pressing in research. The study conducted in this paper can help readers and researchers recognize the better current techniques of defense against DDoS attacks and contribute more research on this topic in light of the future challenges identified in this paper.
