Distributed Denial of Service Attacks and Defense Mechanisms: Current Landscape and Future Directions

  • Sajal BhatiaEmail author
  • Sunny Behal
  • Irfan Ahmed
Part of the Advances in Information Security book series (ADIS, volume 72)


Societal dependence on Information and Communication Technology (ICT) over the past two decades has brought with it an increased vulnerability to a large variety of cyber-attacks. One such attack is a Distributed Denial-of-Service (DDoS) attack which harnesses the power of a larger number of compromised and geographically distributed computers and other networked machines to attack information-providing services, often resulting in significant downtime and thereby causing a denial-of-service to legitimate clients. The size, frequency, and sophistication of such attacks have exponentially risen over the past decade. In order to develop a better understanding of these attacks and defense system against this ever-growing threat, it is essential to understand their modus operandi, latest trends and other most widely-used tactics. Consequently, the study of DDoS attacks and techniques to accurately and reliably detect and mitigate their impact is an important area of research. This chapter largely focuses on the current landscape of DDoS attack detection and defense mechanisms and provides detailed information about the latest modus operandi of various network and application layer DDoS attacks, and presents an extended taxonomy to accommodate the novel attack types. In addition, it provides directions for future research in DDoS attack detection and mitigation.


  1. 1.
    US Committee on National Security Systems, “National Information Assurance (IA) Glossary,” CNSS, Instruction 4009, 2006.Google Scholar
  2. 2.
    G. Linden, “Make Data Useful,” Presentation, Amazon, November, 2006.Google Scholar
  3. 3.
    R. Stapleton-Gray and W. Woodcock, “National Internet Defense—Small States on the Skirmish Line,” Communications of the ACM, vol. 54, no. 3, pp. 50–55, 2011.CrossRefGoogle Scholar
  4. 4.
    C. M. R. Dobbins, “Worldwide Infrastructure Security Report,” Arbor Networks, Tech. Rep., 2011.Google Scholar
  5. 5.
    D. Moore, C. Shannon, D. Brown, G. Voelker, and S. Savage, “Inferring Internet Denial-of-Service Activity,” ACM Transactions on Computer Systems (TOCS), vol. 24, no. 2, pp. 115–139, 2006.CrossRefGoogle Scholar
  6. 6.
    “Prolexic Quarterly Global DDoS Attack Report – Q4 2012,” Prolexic, Tech. Rep., 2012.Google Scholar
  7. 7.
    “Global ddos threat landscape q3 2017,”, 2017.
  8. 8.
    F. Khan, “Botnet Economy,”, [Online; accessed 23-Sep-2012].
  9. 9.
    M. Kenney, “Ping of Death,”, Jan 1997, [Online; accessed 26-Sep-2012].
  10. 10.
    S. Suriadi, A. Clark, and D. Schmidt, “Validating Denial of Service Vulnerabilities in Web Services,” in IEEE Computer Society Proceedings of the Fourth International Conference on Network and System Security. IEEE Computer Society, 2010.Google Scholar
  11. 11.
    J. Mirkovic and P. Reiher, “A Taxonomy of DDoS Attack and DDoS Defense Mechanisms,” ACM SIGCOMM Computer Communication Review, vol. 34, no. 2, pp. 39–53, 2004.CrossRefGoogle Scholar
  12. 12.
    S. M. Specht and R. B. Lee, “Distributed denial of service: Taxonomies of attacks, tools, and countermeasures.” in ISCA PDCS, 2004, pp. 543–550.Google Scholar
  13. 13.
    M. H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, “Network anomaly detection: methods, systems and tools,” Ieee communications surveys & tutorials, vol. 16, no. 1, pp. 303–336, 2014.CrossRefGoogle Scholar
  14. 14.
    Y. Xiang, K. Li, and W. Zhou, “Low-rate ddos attacks detection and traceback by using new information metrics,” IEEE Transactions on Information Forensics and Security, vol. 6, no. 2, pp. 426–437, 2011.CrossRefGoogle Scholar
  15. 15.
    M. H. Bhuyan, D. Bhattacharyya, and J. K. Kalita, “E-ldat: a lightweight system for ddos flooding attack detection and ip traceback using extended entropy metric,” Security and Communication Networks, vol. 9, no. 16, pp. 3251–3270, 2016.CrossRefGoogle Scholar
  16. 16.
    Imperva, “Global ddos threat landscape q4 report.”, 2017, [Online; accessed 25-Aug-2017].
  17. 17.
    C. Labovitz, “The Internet Goes to War,”, 14 Dec 2010, [Online; accessed 23-Sep-2012].
  18. 18.
    T. Bradley, “Operation Payback: WikiLeaks Avenged by Hacktivists,”, 7 Dec 2010, [Online; accessed 23-Sep-2012].
  19. 19.
    E. Addley and J. Halliday, “Operation Payback Cripples MasterCard Site in Revenge for WikiLeaks Ban,”, Dec 2010, [Online; accessed 23-Sep-2012].
  20. 20.
    R. Singel, “Operation Payback Cripples MasterCard Site in Revenge for WikiLeaks Ban,”, Dec 2010, [Online; accessed 24-Sep-2012].
  21. 21.
    V. Paxson, “An Analysis of Using Reflectors for Distributed Denial-of-service Attacks,” ACM SIGCOMM Computer Communication Review, vol. 31, no. 3, pp. 38–47, 2001.CrossRefGoogle Scholar
  22. 22.
    “The DDoS that knocked Spamhaus offline,”, 2013, [Online; accessed 2-Apr-2013].
  23. 23.
    T. Peng, C. Leckie, and K. Ramamohanarao, “Survey of Network-based Defense Mechanisms Countering the DoS and DDoS Problems,” ACM Computing Surveys, vol. 39, no. 1, p. 3, 2007.CrossRefGoogle Scholar
  24. 24.
    V. Gulisano, M. Callau-Zori, Z. Fu, R. Jiménez-Peris, M. Papatriantafilou, and M. Patiño-Martínez, “Stone: A streaming ddos defense framework,” Expert Systems with Applications, vol. 42, no. 24, pp. 9620–9633, 2015.CrossRefGoogle Scholar
  25. 25.
    K. Kumar, R. Joshi, and K. Singh, “An isp level distributed approach to detect ddos attacks,” in Innovative Algorithms and Techniques in Automation, Industrial Electronics and Telecommunications. Springer, 2007, pp. 235–240.Google Scholar
  26. 26.
    M. Sachdeva, K. Kumar, and G. Singh, “A comprehensive approach to discriminate ddos attacks from flash events,” Journal of Information Security and Applications, vol. 26, pp. 8–22, 2016.CrossRefGoogle Scholar
  27. 27.
    S. Behal and K. Kumar, “Trends in validation of ddos research,” Procedia Computer Science, vol. 85, pp. 7–15, 2016.CrossRefGoogle Scholar
  28. 28.
    S. Bhatia, “Ensemble-based model for ddos attack detection and flash event separation,” in Future Technologies Conference (FTC). IEEE, 2016, pp. 958–967.Google Scholar
  29. 29.
    R. Saravanan, S. Shanmuganathan, and Y. Palanichamy, “Behavior-based detection of application layer distributed denial of service attacks during flash events,” Turkish Journal of Electrical Engineering & Computer Sciences, vol. 24, no. 2, pp. 510–523, 2016.CrossRefGoogle Scholar
  30. 30.
    A. Bhandari, A. L. Sangal, and K. Kumar, “Characterizing flash events and distributed denial-of-service attacks: an empirical investigation,” Security and Communication Networks, 2016.Google Scholar
  31. 31.
    D. Senie and P. Ferguson, “Network ingress filtering: Defeating denial of service attacks which employ ip source address spoofing,” Network, 1998.Google Scholar
  32. 32.
    K. Park and H. Lee, “On the effectiveness of route-based packet filtering for distributed dos attack prevention in power-law internets,” in ACM SIGCOMM computer communication review, vol. 31, no. 4. ACM, 2001, pp. 15–26.Google Scholar
  33. 33.
    J. Li, J. Mirkovic, M. Wang, P. Reiher, and L. Zhang, “Save: Source address validity enforcement protocol,” in INFOCOM 2002. Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE, vol. 3. IEEE, 2002, pp. 1557–1566.Google Scholar
  34. 34.
    T. Peng, C. Leckie, and K. Ramamohanarao, “Protection from Distributed Denial of Service Attacks Using History-based IP Filtering,” in IEEE International Conference on Communications, 2003. ICC’03, 2003, pp. 482–486.Google Scholar
  35. 35.
    Y. Kim, W. C. Lau, M. C. Chuah, and H. J. Chao, “Packetscore: a statistics-based packet filtering scheme against distributed denial-of-service attacks,” IEEE transactions on dependable and secure computing, vol. 3, no. 2, pp. 141–155, 2006.CrossRefGoogle Scholar
  36. 36.
    X. Liu, X. Yang, and Y. Lu, “Stopit: Mitigating dos flooding attacks from multi-million botnets,” Technical Report 08-05, UC Irvine, Tech. Rep., 2008.Google Scholar
  37. 37.
    A. Saifullah, “Defending against distributed denial-of-service attacks with weight-fair router throttling,” 2009.Google Scholar
  38. 38.
    M. A. Saleh and A. Abdul Manaf, “A novel protective framework for defeating http-based denial of service and distributed denial of service attacks,” The Scientific World Journal, vol. 2015, 2015.Google Scholar
  39. 39.
    E. Y. M. Muharish, “Packet filter approach to detect denial of service attacks,” 2016.Google Scholar
  40. 40.
    K. Kalkan and F. Alagöz, “A distributed filtering mechanism against ddos attacks: Scoreforcore,” Computer Networks, vol. 108, pp. 199–209, 2016.CrossRefGoogle Scholar
  41. 41.
    T. Gil and M. Poletto, MULTOPS: a data-structure for bandwidth attack detection. Defense Technical Information Center, 2001.Google Scholar
  42. 42.
    L. Feinstein, D. Schnackenberg, R. Balupari, and D. Kindred, “Statistical Approaches to DDoS Attack Detection and Response,” in DARPA Information Survivability Conference and Exposition, 2003. Proceedings, vol. 1. IEEE, 2003, pp. 303–314.Google Scholar
  43. 43.
    A. Akella, A. Bharambe, M. Reiter, and S. Seshan, “Detecting ddos attacks on isp networks,” in Proceedings of the Twenty-Second ACM SIGMOD/PODS Workshop on Management and Processing of Data Streams. Citeseer, 2003, pp. 1–3.Google Scholar
  44. 44.
    S. Jin and D. S. Yeung, “A covariance analysis model for ddos attack detection,” in Communications, 2004 IEEE International Conference on, vol. 4. IEEE, 2004, pp. 1882–1886.Google Scholar
  45. 45.
    J. Mirkovic and P. Reiher, “D-ward: a source-end defense against flooding denial-of-service attacks,” IEEE transactions on Dependable and Secure Computing, vol. 2, no. 3, pp. 216–232, 2005.CrossRefGoogle Scholar
  46. 46.
    Y. Chen, K. Hwang, and W.-S. Ku, “Collaborative detection of ddos attacks over multiple network domains,” Parallel and Distributed Systems, IEEE Transactions on, vol. 18, no. 12, pp. 1649–1662, 2007.CrossRefGoogle Scholar
  47. 47.
    K. Lu, D. Wu, J. Fan, S. Todorovic, and A. Nucci, “Robust and efficient detection of ddos attacks for large-scale internet,” Computer Networks, vol. 51, no. 18, pp. 5036–5056, 2007.CrossRefGoogle Scholar
  48. 48.
    J. François, I. Aib, and R. Boutaba, “Firecol: a collaborative protection network for the detection of flooding ddos attacks,” IEEE/ACM Transactions on Networking (TON), vol. 20, no. 6, pp. 1828–1841, 2012.CrossRefGoogle Scholar
  49. 49.
    G. Nychis, V. Sekar, D. G. Andersen, H. Kim, and H. Zhang, “An empirical evaluation of entropy-based traffic anomaly detection,” in Proceedings of the 8th ACM SIGCOMM conference on Internet measurement. ACM, 2008, pp. 151–156.Google Scholar
  50. 50.
    B. M. Tellenbach, “Detection, classification and visualization of anomalies using generalized entropy metrics,” Ph.D. dissertation, ETH ZURICH, 2012.Google Scholar
  51. 51.
    F. Wang, H. Wang, X. Wang, and J. Su, “A new multistage approach to detect subtle ddos attacks,” Mathematical and Computer Modelling, vol. 55, no. 1, pp. 198–213, 2012.MathSciNetCrossRefGoogle Scholar
  52. 52.
    S. Bhatia, D. Schmidt, and G. Mohay, “Ensemble-based ddos detection and mitigation model,” in Proceedings of the Fifth International Conference on Security of Information and Networks. ACM, 2012, pp. 79–86.Google Scholar
  53. 53.
    X. Ma and Y. Chen, “Ddos detection method based on chaos analysis of network traffic entropy,” Communications Letters, IEEE, vol. 18, no. 1, pp. 114–117, 2014.CrossRefGoogle Scholar
  54. 54.
    J.-H. Jun, D. Lee, C.-W. Ahn, and S.-H. Kim, “Ddos attack detection using flow entropy and packet sampling on huge networks,” of: ICN, pp. 185–190, 2014.Google Scholar
  55. 55.
    A. Spognardi, A. Villani, D. Vitali, L. V. Mancini, and R. Battistoni, “Large-scale traffic anomaly detection: Analysis of real netflow datasets,” in E-Business and Telecommunications. Springer, 2014, pp. 192–208.Google Scholar
  56. 56.
    I. Basicevic, S. Ocovaj, and M. Popovic, “Use of tsallis entropy in detection of syn flood dos attacks,” Security and Communication Networks, vol. 8, no. 18, pp. 3634–3640, 2015.CrossRefGoogle Scholar
  57. 57.
    S. Bhatia, “Detecting distributed denial-of-service attacks and flash events,” Ph.D. dissertation, Queensland University of Technology, 2013.Google Scholar
  58. 58.
    P. Sangkatsanee, N. Wattanapongsakorn, and C. Charnsripinyo, “Practical real-time intrusion detection using machine learning approaches,” Computer Communications, vol. 34, no. 18, pp. 2227–2235, 2011.CrossRefGoogle Scholar
  59. 59.
    O. Joldzic, Z. Djuric, and P. Vuletic, “A transparent and scalable anomaly-based dos detection method,” Computer Networks, vol. 104, pp. 27–42, 2016.CrossRefGoogle Scholar
  60. 60.
    H. Beitollahi and G. Deconinck, “Tackling application-layer ddos attacks,” Procedia Computer Science, vol. 10, pp. 432–441, 2012.CrossRefGoogle Scholar
  61. 61.
    H. Beitollahi, G. Deconinck, “Connectionscore: a statistical technique to resist application-layer ddos attacks,” Journal of Ambient Intelligence and Humanized Computing, vol. 5, no. 3, pp. 425–442, 2014.CrossRefGoogle Scholar
  62. 62.
    T. Ni, X. Gu, H. Wang, and Y. Li, “Real-time detection of application-layer ddos attack using time series analysis,” Journal of Control Science and Engineering, vol. 2013, p. 4, 2013.CrossRefGoogle Scholar
  63. 63.
    K. Lee, J. Kim, K. H. Kwon, Y. Han, and S. Kim, “Ddos attack detection method using cluster analysis,” Expert Systems with Applications, vol. 34, no. 3, pp. 1659–1665, 2008.CrossRefGoogle Scholar
  64. 64.
    A. Chonka, J. Singh, and W. Zhou, “Chaos theory based detection against network mimicking ddos attacks,” IEEE Communications Letters, vol. 13, no. 9, 2009.CrossRefGoogle Scholar
  65. 65.
    Z. Xia, S. Lu, J. Li, and J. Tang, “Enhancing ddos flood attack detection via intelligent fuzzy logic,” Informatica, vol. 34, no. 4, 2010.Google Scholar
  66. 66.
    R. Karimazad and A. Faraahi, “An anomaly-based method for ddos attacks detection using rbf neural networks,” in Proceedings of the International Conference on Network and Electronics Engineering, 2011, pp. 16–18.Google Scholar
  67. 67.
    D. Das, U. Sharma, and D. Bhattacharyya, “Detection of http flooding attacks in multiple scenarios,” in Proceedings of the 2011 international conference on communication, computing & security. ACM, 2011, pp. 517–522.Google Scholar
  68. 68.
    S. N. Shiaeles, V. Katos, A. S. Karakos, and B. K. Papadopoulos, “Real time ddos detection using fuzzy estimators,” computers & security, vol. 31, no. 6, pp. 782–790, 2012.CrossRefGoogle Scholar
  69. 69.
    S. Y. Dorbala, R. Kishore, and N. Hubballi, “An experience report on scalable implementation of ddos attack detection,” in International Conference on Advanced Information Systems Engineering. Springer, 2015, pp. 518–529.Google Scholar
  70. 70.
    R. K. Chang, “Defending against flooding-based distributed denial-of-service attacks: a tutorial,” IEEE communications magazine, vol. 40, no. 10, pp. 42–51, 2002.CrossRefGoogle Scholar
  71. 71.
    H. Burch and B. Cheswick, “Tracing anonymous packets to their approximate source,” in LISA, 2000, pp. 319–327.Google Scholar
  72. 72.
    S. Savage, D. Wetherall, A. Karlin, and T. Anderson, “Network support for ip traceback,” IEEE/ACM transactions on networking, vol. 9, no. 3, pp. 226–237, 2001.CrossRefGoogle Scholar
  73. 73.
    D. Dean, M. Franklin, and A. Stubblefield, “An algebraic approach to ip traceback,” ACM Transactions on Information and System Security (TISSEC), vol. 5, no. 2, pp. 119–137, 2002.CrossRefGoogle Scholar
  74. 74.
    B. Al-Duwairi and M. Govindarasu, “Novel hybrid schemes employing packet marking and logging for ip traceback,” IEEE Transactions on Parallel and Distributed Systems, vol. 17, no. 5, pp. 403–418, 2006.CrossRefGoogle Scholar
  75. 75.
    S. Yu, W. Zhou, R. Doss, and W. Jia, “Traceback of ddos attacks using entropy variations,” IEEE Transactions on Parallel and Distributed Systems, vol. 22, no. 3, pp. 412–425, 2011.CrossRefGoogle Scholar
  76. 76.
    Y.-C. Wu, H.-R. Tseng, W. Yang, and R.-H. Jan, “Ddos detection and traceback with decision tree and grey relational analysis,” International Journal of Ad Hoc and Ubiquitous Computing, vol. 7, no. 2, pp. 121–136, 2011.CrossRefGoogle Scholar
  77. 77.
    V. S. Rajam, G. Selvaram, M. PradeepKumar, and S. M. Shalinie, “Autonomous system based traceback mechanism for ddos attack,” in Advanced Computing (ICoAC), 2013 Fifth International Conference on. IEEE, 2013, pp. 164–171.Google Scholar
  78. 78.
    K. Singh, P. Singh, and K. Kumar, “A systematic review of ip traceback schemes for denial of service attacks,” Computers & Security, vol. 56, pp. 111–139, 2016.CrossRefGoogle Scholar
  79. 79.
    S. Floyd and K. Fall, “Router mechanisms to support end-to-end congestion control,” Technical report, February 1997. URL”, Tech. Rep., 1997.
  80. 80.
    R. Mahajan, S. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker, “Controlling High Bandwidth Aggregates in the Network,” ACM SIGCOMM Computer Communication Review, vol. 32, no. 3, p. 73, 2002.CrossRefGoogle Scholar
  81. 81.
    G. Zhang and M. Parashar, “Cooperative defence against ddos attacks,” Journal of Research and Practice in Information Technology, vol. 38, no. 1, pp. 69–84, 2006.Google Scholar
  82. 82.
    X. Wang, “Mitigation of ddos attacks through pushback and resource regulation,” in MultiMedia and Information Technology, 2008. MMIT’08. International Conference on. IEEE, 2008, pp. 225–228.Google Scholar
  83. 83.
    S. R. Devi and P. Yogesh, “Detection of application layer ddos attacks using information theory based metrics,” CS & IT-CSCP, vol. 10, pp. 213–223, 2012.Google Scholar
  84. 84.
    B. Gupta, M. Misra, and R. C. Joshi, “An isp level solution to combat ddos attacks using combined statistical based approach,” arXiv preprint arXiv:1203.2400, 2012.Google Scholar
  85. 85.
    W. Wei, F. Chen, Y. Xia, and G. Jin, “A rank correlation based detection against distributed reflection dos attacks,” IEEE Communications Letters, vol. 17, no. 1, pp. 173–175, 2013.CrossRefGoogle Scholar
  86. 86.
    W. Zhou, W. Jia, S. Wen, Y. Xiang, and W. Zhou, “Detection and defense of application-layer ddos attacks in backbone web traffic,” Future Generation Computer Systems, vol. 38, pp. 36–46, 2014.CrossRefGoogle Scholar
  87. 87.
    H. Bedi, S. Roy, and S. Shiva, “Mitigating congestion based dos attacks with an enhanced aqm technique,” Computer Communications, vol. 56, pp. 60–73, 2015.CrossRefGoogle Scholar
  88. 88.
    Y. Cui, L. Yan, S. Li, H. Xing, W. Pan, J. Zhu, and X. Zheng, “Sd-anti-ddos: Fast and efficient ddos defense in software-defined networks,” Journal of Network and Computer Applications, vol. 68, pp. 65–79, 2016.CrossRefGoogle Scholar
  89. 89.
    S. Behal, K. Kumar, and M. Sachdeva, “D-face: An anomaly based distributed approach for early detection of ddos attacks and flash events,” Journal of Network and Computer Applications, 2018.Google Scholar
  90. 90.
    S. Behal, K. Kumar, and M. Sachdeva, “D-fac: A novel ϕ-divergence based distributed ddos defense system,” Journal of King Saud University-Computer and Information Sciences, 2018.Google Scholar
  91. 91.
    “Twitter, Amazon, other top websites shut in cyber attack,”, 2016, [Online; accessed 25-Aug-2017].
  92. 92.
    Poneman, “Evaluating the cost of a ddos attack,”, Dyn, Tech. Rep., 2016, [Online; accessed 25-Aug-2017].
  93. 93.
    Arbor, “Arbor network wisr report,” Arbor Networks, Tech. Rep., 2017. [Online]. Available:
  94. 94.
    “Ddos attacks, iot, and the future of it security,”, 2016.
  95. 95.
    D. Kreutz, F. Ramos, and P. Verissimo, “Towards secure and dependable software-defined networks,” in Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking. ACM, 2013, pp. 55–60.Google Scholar
  96. 96.
    S. Sezer, S. Scott-Hayward, P. K. Chouhan, B. Fraser, D. Lake, J. Finnegan, N. Viljoen, M. Miller, and N. Rao, “Are we ready for sdn? implementation challenges for software-defined networks,” IEEE Communications Magazine, vol. 51, no. 7, pp. 36–43, 2013.CrossRefGoogle Scholar
  97. 97.
    B. A. A. Nunes, M. Mendonca, X.-N. Nguyen, K. Obraczka, and T. Turletti, “A survey of software-defined networking: Past, present, and future of programmable networks,” IEEE Communications Surveys & Tutorials, vol. 16, no. 3, pp. 1617–1634, 2014.CrossRefGoogle Scholar
  98. 98.
    W. Li, W. Meng et al., “A survey on openflow-based software defined networks: Security challenges and countermeasures,” Journal of Network and Computer Applications, vol. 68, pp. 126–139, 2016.CrossRefGoogle Scholar
  99. 99.
    M. Crosby, P. Pattanayak, S. Verma, and V. Kalyanaraman, “Blockchain technology: Beyond bitcoin,” Applied Innovation, vol. 2, pp. 6–10, 2016.CrossRefGoogle Scholar
  100. 100.
    I. Ahmed, V. Roussev, W. Johnson, S. Senthivel, and S. Sudhakaran, “A SCADA system testbed for cybersecurity and forensic research and pedagogy,” in Proceedings of the 2nd Annual Industrial Control System Security Workshop, ser. ICSS ‘16. New York, NY, USA: ACM, 2016, pp. 1–9. [Online]. Available:
  101. 101.
    I. Ahmed, S. Obermeier, M. Naedele, and G. G. R. III, “SCADA Systems: Challenges for Forensic Investigators,” Computer, vol. 45, no. 12, pp. 44–51, Dec 2012.CrossRefGoogle Scholar
  102. 102.
    I. Ahmed, S. Obermeier, S. Sudhakaran, and V. Roussev, “Programmable Logic Controller Forensics,” IEEE Security Privacy, vol. 15, no. 6, pp. 18–24, November 2017.CrossRefGoogle Scholar
  103. 103.
    I. Ahmed, “Supervisory Control and Data Acquisition (SCADA) Forensics: Network Traffic Analysis for Extracting a Programmable Logic Controller (PLC) System and Programming Logic Files,” in Proceedings of the 69th Annual Meeting of the American Academy of Forensic Sciences, ser. AAFS ‘17. AAFS, 2017.Google Scholar
  104. 104.
    N. Kush, E. Foo, E. Ahmed, I. Ahmed, and A. Clark, “Gap analysis of intrusion detection in smart grids,” in Proceedings of the 2nd International Cyber Resilience Conference, ser. ICRC ‘11. Australia: secau-Security Research Centre, 2011, pp. 38–46.Google Scholar
  105. 105.
    “ICS CERT Advisory (ICSA-14-303-02) on Elipse SCADA DNP3 Denial of Service,”, 2018.
  106. 106.
    S. Senthivel, I. Ahmed, and V. Roussev, “SCADA Network Forensics of the PCCC Protocol,” Digit. Investig., vol. 22, no. S, pp. S57–S65, Aug. 2017.CrossRefGoogle Scholar
  107. 107.
    S. Senthivel, S. Dhungana, H. Yoo, I. Ahmed, and V. Roussev, “Denial of Engineering Operations Attacks in Industrial Control Systems,” in Proceedings of the 8th ACM Conference on Data and Applications Security and Privacy (CODASPY), 2018.Google Scholar
  108. 108.
    “ICS CERT Advisory (ICSA-16-299-01) on Siemens SICAM,”, 2018.
  109. 109.
    “ICS CERT Advisory (ICSA-15-202-01) on Siemens SIPROTEC Denial-of-Service Vulnerability,”, 2018.
  110. 110.
    S. Bhatia, N. Kush, C. Djamaludin, J. Akande, and E. Foo, “Practical modbus flooding attack and detection,” in Proceedings of the Twelfth Australasian Information Security Conference-Volume 149. Australian Computer Society, Inc., 2014, pp. 57–65.Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.School of ComputingSacred Heart UniversityFairfieldUSA
  2. 2.Department of Computer ScienceShaheed Bhagat Singh State Technical CampusFerozepur, PunjabIndia
  3. 3.Department of Computer ScienceUniversity of New OrleansNew OrleansUSA

Personalised recommendations