
Cooperative Mechanisms for Defending Distributed Denial of Service (DDoS) Attacks

Handbook of Computer Networks and Cyber Security

Abstract

Distributed denial of service (DDoS) attacks are one of the biggest challenges faced by the Internet community today. A DDoS attack attempts to disrupt the availability of resources to legitimate users by overwhelming network and server resources. In this chapter, we discuss the importance of cooperative mechanisms over centralised ones, survey various existing cooperative techniques for defending against DDoS attacks, and discuss their major drawbacks. The major disadvantage of a centralised defence mechanism is that it is a single point of failure when the central kingpin node itself comes under attack. We find that although these techniques have been developed, they are rarely deployed in the real world because researchers have long ignored the economic incentives involved in the working of cooperative DDoS mechanisms. Due to the lack of incremental payment structures, cooperation between the nodes fails. Sometimes payment structures are non-existent; in other cases a payment structure is in place, but the incentives are not lucrative enough for the nodes to share their resources. The DDoS attack scenario can be divided into an attack phase, a detection phase and a response phase. When the attacker machines act in cooperation, the defence mechanism must also be cooperative to be strong. This work gives an overview of the existing cooperative defence mechanisms at different layers of the Open Systems Interconnection (OSI) model and an overview of mechanisms that use a third party for any of these three phases.




© 2020 Springer Nature Switzerland AG

About this chapter


Cite this chapter

Gulihar, P., Gupta, B.B. (2020). Cooperative Mechanisms for Defending Distributed Denial of Service (DDoS) Attacks. In: Gupta, B., Perez, G., Agrawal, D., Gupta, D. (eds) Handbook of Computer Networks and Cyber Security. Springer, Cham. https://doi.org/10.1007/978-3-030-22277-2_16


  • DOI: https://doi.org/10.1007/978-3-030-22277-2_16


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-22276-5

  • Online ISBN: 978-3-030-22277-2

  • eBook Packages: Computer Science, Computer Science (R0)
