Distributed Denial of Service Attacks and Defense Mechanisms: Current Landscape and Future Directions

Part of the Advances in Information Security book series (ADIS, volume 72)

Abstract

Societal dependence on Information and Communication Technology (ICT) over the past two decades has brought with it an increased vulnerability to a large variety of cyber-attacks. One such attack is a Distributed Denial-of-Service (DDoS) attack, which harnesses the power of a large number of compromised and geographically distributed computers and other networked machines to attack information-providing services, often resulting in significant downtime and thereby causing a denial of service to legitimate clients. The size, frequency, and sophistication of such attacks have risen exponentially over the past decade. In order to develop a better understanding of these attacks and of defense systems against this ever-growing threat, it is essential to understand their modus operandi, latest trends and most widely used tactics. Consequently, the study of DDoS attacks and of techniques to accurately and reliably detect and mitigate their impact is an important area of research. This chapter largely focuses on the current landscape of DDoS attack detection and defense mechanisms, provides detailed information about the latest modus operandi of various network and application layer DDoS attacks, and presents an extended taxonomy to accommodate the novel attack types. In addition, it provides directions for future research in DDoS attack detection and mitigation.

Keywords

  • DDoS Attacks
  • Distributed Denial Of Service (DDoS)
  • Application Layer DDoS Attacks
  • DDoS Defense
  • Traceback

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Corresponding author

Correspondence to Sajal Bhatia.

Copyright information

© 2018 Springer Nature Switzerland AG

Cite this chapter

Bhatia, S., Behal, S., Ahmed, I. (2018). Distributed Denial of Service Attacks and Defense Mechanisms: Current Landscape and Future Directions. In: Conti, M., Somani, G., Poovendran, R. (eds) Versatile Cybersecurity. Advances in Information Security, vol 72. Springer, Cham. https://doi.org/10.1007/978-3-319-97643-3_3

  • DOI: https://doi.org/10.1007/978-3-319-97643-3_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-97642-6

  • Online ISBN: 978-3-319-97643-3

  • eBook Packages: Computer Science, Computer Science (R0)