A survey of distributed denial-of-service attack, prevention, and mitigation techniques

Distributed denial-of-service is one of the most highlighted and most important kinds of attack in today’s cyberworld. With simple but extremely powerful attack mechanisms, it poses an immense threat to the current Internet community. In this article, we present a comprehensive survey of distributed denial-of-service attack, prevention, and mitigation techniques. We provide a systematic analysis of this type of attack, including motivations and evolution, analysis of different attacks so far, protection techniques and mitigation techniques, and possible limitations and challenges of existing research. Finally, we outline some important research directions that require more attention in the near future to ensure successful defense against distributed denial-of-service attacks.
