Abstract
This paper presents a review of current denial of service (DoS) attack and defence concepts, from a theoretical and practical point of view. The seriousness of DoS attacks is tangible, and they present one of the most significant threats to the assurance of dependable and secure information systems, which is growing in importance. The rapid development of new and increasingly sophisticated attacks requires resourcefulness in designing and implementing reliable defences. We focus on providing a fresh and relevant state-of-the-art reference that includes different perspectives, such as economic DoS (EDoS) or offensive countermeasures in cyberspace. Building on the elaborated DoS mechanisms and the state-of-the-art review, we discuss what we consider to be the main challenges. We propose directions for future research that we consider necessary in defending against the DoS threat, which is evolving into a potentially major disruptive factor for global security models on all levels.
Acknowledgements
We would like to highlight the importance of effort and contribution made to this work by all the anonymous reviewers. We express our gratitude for their relevant and constructive feedback, which was of great help to us.
Cite this article
Zlomislić, V., Fertalj, K. & Sruk, V. Denial of service attacks, defences and research challenges. Cluster Comput 20, 661–671 (2017). https://doi.org/10.1007/s10586-017-0730-x
DOI: https://doi.org/10.1007/s10586-017-0730-x