A taxonomy of DDoS attack and DDoS defense mechanisms

Distributed denial-of-service (DDoS) is a rapidly growing problem. The multitude and variety of both the attacks and the defense approaches is overwhelming. This paper presents two taxonomies for classifying attacks and defenses, and thus provides researchers with a better understanding of the problem and the current solution space. The attack classification criteria were selected to highlight commonalities and important features of attack strategies that define challenges and dictate the design of countermeasures. The defense taxonomy classifies the body of existing DDoS defenses based on their design decisions; it then shows how these decisions dictate the advantages and deficiencies of proposed solutions.
