A Comprehensive Categorization of DDoS Attack and DDoS Defense Techniques

  • Usman Tariq
  • ManPyo Hong
  • Kyung-suk Lhee
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4093)


Distributed Denial of Service (DDoS) attacks are the greatest security fear for IT managers. In almost no time, thousands of vulnerable computers can flood a victim website, choking off legitimate traffic. Several specific security measures are deployed to counter the DDoS problem. Instead of specific solutions, a comprehensive DDoS cure is needed that can combat both previous and upcoming DDoS attack vulnerabilities. Developing such a solution requires understanding all the aspects that can help a hacker activate zombies and launch a DDoS attack.

In this paper, we comprehensively analyze the DDoS problem and propose a simplified taxonomy to categorize the attack scope and the available defense solutions. This taxonomy can help software developers and security practitioners understand the common vulnerabilities that encourage attackers to launch DDoS attacks.


Keywords: Congestion Control; Domain Name System; Service Attack; Flash Crowd; Attack Traffic





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Usman Tariq (1)
  • ManPyo Hong (1)
  • Kyung-suk Lhee (1)

  1. Digital Vaccine and Internet Immune System Laboratory, Graduate School of Information and Communication, Ajou University, Korea
