Detection and Reaction to Denial of Service Attacks

Denial of Service (DoS) attacks are becoming common on the Internet today, employed by malicious Internet users to disrupt or even bring down enterprise networks. Since their first appearance, they have evolved in sophistication, scale, and the seriousness of their effects on computer systems and networks. In this paper we examine the main DoS types and their characteristics. We explain why traditional security tools like Intrusion Detection Systems are ineffective and why the problem of countering a Distributed DoS attack is complex, involves various levels of the network, and requires trust and cooperation between domains. We then look into the solutions offered so far, both practical and research ones. We go through the process of detecting such an attack and lay down a plan for response, manual or automated. Finally, we briefly review a system we are currently developing that aims to automate the whole process of attack detection and response. The approach, besides being an alternative solution, highlights the requirements for effective DoS containment.