DDoS attacks and defense mechanisms: classification and state-of-the-art

Denial of Service (DoS) attacks constitute one of the major threats and are among the hardest security problems in today's Internet. Of particular concern are Distributed Denial of Service (DDoS) attacks, whose impact can be proportionally severe. With little or no advance warning, a DDoS attack can easily exhaust the computing and communication resources of its victim within a short period of time. Because of the seriousness of the problem, many defense mechanisms have been proposed to combat these attacks. This paper presents a structural approach to the DDoS problem by developing a classification of DDoS attacks and DDoS defense mechanisms. Furthermore, important features of each attack and defense system category are described, and the advantages and disadvantages of each proposed scheme are outlined. The goal of the paper is to place some order into the existing attack and defense mechanisms, so that a better understanding of DDoS attacks can be achieved and, subsequently, more efficient and effective algorithms, techniques and procedures to combat these attacks may be developed.
