A Classification of DDoS Attacks and its Approach for Attack Prevention

M. Chaitanya Kishore Reddi*, Sunil Kumawath**, T. Gowtham Sai Krishna***, T.M. Sneha****
* Assistant Professor, Department of Computer Science and Engineering, St. Peter’s Engineering College, Hyderabad, India.
**-**** Scholar, Department of Computer Science and Engineering, St. Peter’s Engineering College, Hyderabad, India.
Periodicity:June - August'2017
DOI : https://doi.org/10.26634/jcom.5.2.13903

Abstract

Currently, distributed denial of service attack (DDoS) is a very serious threat in the internet. Large number of packets are send to a victim to jam the traffic so that the attacker can use the data of the victim. Various attack methods, its mechanisms, flooding attacks etc (Mirkovic and Reiher, 2005) are briefed in this paper. The scopes of DDOS attacks, measures and solutions to the attacks are hereby explored with effectiveness in various attack scenarios. A Distributed Denial-of-Service (DDoS) attack is an attack where the perpetrator uses more than one unique IP address, often thousands of them. Attacks may involve forging sender's Internet Protocol (IP) addresses (IP address spoofing) as an alternative or augmentation of DDoS, making it difficult to identify and defeat the attack. For specific targeted purposes, including disrupting transactions and accessing databases, an application layer DDoS attack is done, which requires less resource and often accompanies network layer attacks.

Keywords

DDoS Attacks, Flooding Attack, Classifications, Tools, Algorithms

How to Cite this Article?

Reddy, M.C.K., Kumawath, S., Krishna, T.G.S., and Sneha, T.M. (2017). A Classification of DDoS Attacks and its Approach for Attack Prevention. i-manager’s Journal on Computer Science, 5(2), 1-7. https://doi.org/10.26634/jcom.5.2.13903

References

[1]. Alomari, E., Manickam, S., Gupta, B. B., Karuppayah, S., & Alfaris, R. (2012). Botnet-based Distributed Denial of Service (DDoS) Attacks on Web servers: Classification and Art. Cornel University Library.
[2]. Bellovin, S. M. & Gont, F. (2012). Defending against sequence number attacks. RFC 1948.
[3]. Bhuyan, M. H., Kashyap, H. J., Bhattacharyya, D. K., & Kalita, J. K. (2013). Detecting distributed denial of service attacks: methods, tools and future directions. The Computer Journal, 57(4), 537-556.
[4]. Chang, R. K. (2002). Defending against floodingbased distributed denial-of-service attacks: a tutorial. IEEE Communications Magazine, 40(10), 42-51.
[5].Cohen, M. L. & Kuykendall, D. A. (2011). Prevention of distributed denial of service attacks. U.S. Patent Application No. 12/889, 322.
[6]. Dittrich, D. (1999). The DoS Project's 'trinoo' distributed denial of service attack tool
[7]. Ferguson, P. & Senie, D. (2000). Network Ingress Filtering: Defeating Denial of service Attacks which Employ IP Source Address Spoofing. RFC 2827.
[8]. Garg, A. & Reddy, A. L. N. (2002). Mitigation of DoS attacks through QoS Regulation. In Proceedings of IWQOS workshop.
[9]. Gavrilis, D. & Dermatas, E. (2005). Real-time detection of distributed denial-of-service attacks using RBF networks and statistical features. Computer Networks, 48(2), 235- 245.
[10]. Hashmi, M. J., Saxena, M., & Saini, R. (2012). Classification of DDoS attacks and their defense techniques using intrusion prevention system. International Journal of Computer Science & Communication Networks, 2(5), 607-614.
[11]. Iumatti-Lodewyk, V. (2015). A meta-synthesis of micro facial expression literature and the legal system (Doctoral dissertation, Alaska Pacific University).
[12]. Lau, F., Rubin, S. H., Smith, M. H., & Trajkovic, L. (2000). Distributed denial of service attacks. In Systems, Man, and Cybernetics, 2000 IEEE International Conference on (Vol. 3, pp. 2275-2280). IEEE.
[13]. Leiwo, J. & Zheng, Y. (1997, July). A method to implement a denial of service protection base. In Australasian Conference on Information Security and Privacy (pp. 90-101). Springer, Berlin, Heidelberg.
[14]. Mirkovic, J. & Reiher, P. (2004). A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Computer Communication Review, 34(2), 39-53.
[15]. Mirkovic, J. & Reiher, P. (2005). D-WARD: a sourceend defense against flooding denial-of-service attacks. IEEE transactions on Dependable and Secure Computing, 2(3), 216-232.
[16]. Paxson, V. (2001). An analysis of using reflectors for distributed denial-of-service attacks. ACM SIGCOMM Computer Communication Review, 31(3), 38-47.
[17]. Peng, T., Leckie, C., & Ramamohanarao, K. (2007). Sur vey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Computing Surveys (CSUR), 39(1), 3.
[18]. Prier, G. K. (2003). IDward: Implementing DWard on the IXP (Doctoral dissertation, University of California, Los Angeles).
[19]. Solms, R. V. & Niekerk, J. V. (2013). From information security to cyber security. Computers & Security, 38, 97- 102.
[20]. Spatscheck, O. & Peterson, L. L. (1999, February). Defending against denial of service attacks in Scout. In OSDI (Vol. 99, pp. 59-72).
[21]. Zargar, S. T., Joshi, J., & Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Communications Surveys & Tutorials, 15(4), 2046-2069.
If you have access to this article please login to view the article or kindly login to purchase the article

Purchase Instant Access

Single Article

North Americas,UK,
Middle East,Europe
India Rest of world
USD EUR INR USD-ROW
Online 15 15

Options for accessing this content:
  • If you would like institutional access to this content, please recommend the title to your librarian.
    Library Recommendation Form
  • If you already have i-manager's user account: Login above and proceed to purchase the article.
  • New Users: Please register, then proceed to purchase the article.