
Denial of service attacks, defences and research challenges

Cluster Computing

Abstract

This paper presents a review of current denial of service (DoS) attack and defence concepts, from a theoretical and practical point of view. The seriousness of DoS attacks is tangible, and they present one of the most significant threats to the assurance of dependable and secure information systems, which is growing in importance. Rapid development of new and increasingly sophisticated attacks requires resourcefulness in designing and implementing reliable defences. We focus on providing a fresh and relevant state-of-the-art reference that includes different perspectives, such as economic DoS (EDoS) or offensive countermeasures in cyberspace. Based on the elaborated DoS mechanisms and the state-of-the-art review, we discuss the main challenges. We propose directions for future research that we consider necessary for defending against the DoS threat, which is evolving into a potentially major disruptive factor for global security models on all levels.



Acknowledgements

We would like to highlight the importance of effort and contribution made to this work by all the anonymous reviewers. We express our gratitude for their relevant and constructive feedback, which was of great help to us.

Author information

Corresponding author

Correspondence to Vinko Zlomislić.


Cite this article

Zlomislić, V., Fertalj, K. & Sruk, V. Denial of service attacks, defences and research challenges. Cluster Comput 20, 661–671 (2017). https://doi.org/10.1007/s10586-017-0730-x


  • DOI: https://doi.org/10.1007/s10586-017-0730-x
