Denial of service attacks, defences and research challenges

This paper presents a review of current denial of service (DoS) attack and defence concepts, from a theoretical and practical point of view. The seriousness of DoS attacks is tangible, and they present one of the most significant threats to the assurance of dependable and secure information systems, which is growing in importance. The rapid development of new and increasingly sophisticated attacks requires resourcefulness in designing and implementing reliable defences. We focus on providing a fresh and relevant state-of-the-art reference that includes different perspectives, such as economic DoS (EDoS) or offensive countermeasures in cyberspace. Based on the elaborated DoS mechanisms and the state-of-the-art review, we discuss what we consider the main challenges. We propose directions for future research that we consider necessary for defending against the DoS threat, which is evolving into a potentially major disruptive factor for global security models on all levels.
