A Review of DDOS Attack and its Countermeasures in TCP Based Networks

Today, Internet is the primary medium for communication which is used by number of users across the Network. At the same time, its commercial nature is causing increase vulnerability to enhance cyber crimes and there has been an enormous increase in the number of DDOS (distributed denial of service attack) attacks on the internet over the past decade. Network resources such as network bandwidth, web servers and network switches are mostly the victims of DDoS attacks. In this paper basically summarizing different techniques of DDoS and its countermeasures by different methods such as Bloom Filter, Trace Back method, Independent Component Analysis and TCP Flow Analysis.

[1]  T. Znati,et al.  Proactive server roaming for mitigating denial-of-service attacks , 2003, International Conference on Information Technology: Research and Education, 2003. Proceedings. ITRE2003..

[2]  Vern Paxson,et al.  Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications , 2002, SIGCOMM 2002.

[3]  Yoshiaki Nemoto,et al.  A New Traffic Pattern Matching for DDoS Traceback Using Independent Component Analysis , 2009 .

[4]  Paul Ferguson,et al.  Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing , 1998, RFC.

[5]  C. Douligeris,et al.  DDoS attacks and defense mechanisms: a classification , 2003, Proceedings of the 3rd IEEE International Symposium on Signal Processing and Information Technology (IEEE Cat. No.03EX795).

[6]  Steven M. Bellovin,et al.  Implementing Pushback: Router-Based Defense Against DDoS Attacks , 2002, NDSS.

[7]  Burton H. Bloom,et al.  Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[8]  B. B. Meshram,et al.  COUNTERMEASURE TOOL - CARAPACE FOR NETWORK SECURITY , 2011 .

[9]  Craig Partridge,et al.  Single-packet IP traceback , 2002, TNET.

[10]  Jae-Kwang Lee,et al.  Multi Layer Approach to Defend DDoS Attacks Caused by Spam , 2007, 2007 International Conference on Multimedia and Ubiquitous Engineering (MUE'07).

[11]  Wei Chen,et al.  A novel approach to detecting DDoS Attacks at an Early Stage , 2006, The Journal of Supercomputing.

[12]  Angelos D. Keromytis,et al.  SOS: an architecture for mitigating DDoS attacks , 2004, IEEE Journal on Selected Areas in Communications.

[13]  Abdulmotaleb El-Saddik,et al.  Detecting and Preventing IP-spoofed Distributed DoS Attacks , 2008, Int. J. Netw. Secur..

[14]  Liang Hu,et al.  Research of DDoS attack mechanism and its defense frame , 2011, 2011 3rd International Conference on Computer Research and Development.

[15]  Dawn Xiaodong Song,et al.  Pi: a path identification mechanism to defend against DDoS attacks , 2003, 2003 Symposium on Security and Privacy, 2003..

[16]  Kang G. Shin,et al.  Detecting SYN flooding attacks , 2002, Proceedings.Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies.

[17]  Rocky K. C. Chang,et al.  Defending against flooding-based distributed denial-of-service attacks: a tutorial , 2002, IEEE Commun. Mag..

[18]  Jonathan Lemon,et al.  Resisting SYN Flood DoS Attacks with a SYN Cache , 2002, BSDCon.

[19]  Alex C. Snoeren,et al.  Hash-based IP traceback , 2001, SIGCOMM '01.

[20]  Kang G. Shin,et al.  Hop-count filtering: an effective defense against spoofed DDoS traffic , 2003, CCS '03.

[21]  Angelos D. Keromytis,et al.  SOS: secure overlay services , 2002, SIGCOMM '02.