A Recent Survey on DDoS Attacks and Defense Mechanisms

  • A. Srivastava
  • B. B. Gupta
  • A. Tyagi
  • Anupama Sharma
  • Anupama Mishra
Part of the Communications in Computer and Information Science book series (CCIS, volume 203)


Distributed Denial-of-service (DDoS) attack is one of the most dangerous threats that could cause devastating effects on the Internet. DDoS mainly started in 1998 but the influence of it was realized by the people only when the big organizations and corporations were hit by DDoS attacks in July 1999. Since then several DDoS attack tools such as Trinoo, Shaft, Tribe flood network (TFN), Tribe flood network 2000 (TFN2K) and Stacheldraht are identified and analyzed. All these tools could launch DDoS attacks from thousands of compromised host and take down virtually any connection, any network on the Internet by just a few command keystrokes. This survey paper deals with the introduction of DDoS attacks, DDoS attack history and incidents, DDoS attack strategy, DDoS attack tools, and classification of various attack and defense mechanisms. Finally, direction for future research work has been pointed out.


Legitimate User Edge Router Service Attack Target Machine Internet Relay Chat 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Leiner, B.M., Cerf, V.G.: A Brief History of the Internet,
  2. 2.
    Gupta, B.B., Joshi, R.C., Misra, M.: Defending against Distributed Denial of Service Attacks: Issues and Challenges. Information Security Journal: A Global Perspective 18(5), 224–247 (2009)Google Scholar
  3. 3.
    Gupta, B.B., Misra, M., Joshi, R.C.: An ISP level Solution to Combat DDoS attacks using Combined Statistical Based Approach. International Journal of Information Assurance and Security (JIAS) 3(2), 102–110 (2008)Google Scholar
  4. 4.
    Mills, E.: Radio Free Europe DDOS attack latest by activists (May 2008),, CNET News
  5. 5.
    Vamosi, R.: Study: DDoS attacks threaten ISP infrastructure (November 2008), CNET News
  6. 6.
    Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Computer Communications Review 34(2), 39–53 (2004)CrossRefGoogle Scholar
  7. 7.
    Prolexic Technologies, DDOS problem,
  8. 8.
    Gupta, B.B., Joshi, R.C., Misra, M.: Distributed Denial of Service Prevention Techniques. International Journal of Computer and Electrical Engineering (IJCEE) 2(2), 268–276 (2010) ISSN: 1793-8198CrossRefGoogle Scholar
  9. 9.
    The ISC Internet Domain Survey,
  10. 10.
    Internet World Stats, Internet User Statistics–The Big Picture: World Internet Users and Population Stats,
  11. 11.
    CERT Coordination Center, Denial of service attacks (March 2007),
  12. 12.
    Garber, L.: Denial-of-service attacks rip the Internet. IEEE Computer 33(4), 12–17 (2000)CrossRefGoogle Scholar
  13. 13.
    Moore, D., Voelker, G.M., Savage, S.: Inferring Internet denial-of-service activity. In: Proceedings of the 10th USENIX Security Symposium (August 2001)Google Scholar
  14. 14.
    Sachdeva, M., Singh, G., Kumar, K., Singh, K.: DDoS Incidents and their Impact: A Review. The International Arab Journal of Information Technology 7(1), 14–20 (2010)Google Scholar
  15. 15.
    Xiang, Y., Zhou, W., Chowdhury, M.: A Survey of Active and Passive Defense Mechanisms against DDoS Attacks. Technical Report, TR C04/02, School of Information Technology, Deakin University, Australia (2004)Google Scholar
  16. 16.
    Houle, K.J., Weaver, G.M.: Trends in Denial of Service Attack Technology, CERT (October 2001),
  17. 17.
    Douligeris, C., Mitrokotsa, A.: DDoS attacks and defense mechanisms: classification and state of the art. Elsevier Science Direct Computer Networks 44, 643–666 (2004)CrossRefGoogle Scholar
  18. 18.
    Dittrich, D.: The DoS Project’s Trinoo Distributed Denial of Service attack tool, University of Washington (October 21, 1999),
  19. 19.
    Dittrich, D.: The Tribe Flood Network Distributed Denial of Service attack tool, University of Washington (October 21, 1999),
  20. 20.
    Barlow, J., Thrower, W.: TFN2K- An Analysis,” Axent Security Team (February 10, 2000),
  21. 21.
    Dittrich, D.:The Stacheldraht Distributed Denial of Service attack tool, University of Washington (December 1999),
  22. 22.
    Dittrich, D., Weaver, G., Dietrich, S., Long, N.: The Mstream distributed denial of service attack too (May 2000),
  23. 23.
    Bysin: Knight.c sourcecode, (July 11, 2001),
  24. 24.
    Hancock, B.: “Trinity v3, a DDoS tool,” hits the streets. Computers Security 19(7), 574 (2000)Google Scholar
  25. 25.
    Marchesseau, M.: Trinity-Distributed Denial of Service Attack Tool (September 11, 2000),
  26. 26.
    Gupta, B.B., Joshi, R.C., Misra, M.: Dynamic and Auto Responsive Solution for Distributed Denial-of-Service Attacks Detection in ISP Network. International Journal of Computer Theory and Engineering (IJCTE) 1(1), 71–80 (2009) ISSN: 1793-821XCrossRefGoogle Scholar
  27. 27.
    Molsa, J.: Mitigating denial of service attacks: A tutorial. Journal of Computer Security 13, 807–837 (2005)CrossRefGoogle Scholar
  28. 28.
    CERT, CERT Advisory CA-1996-21 TCP SYN Flooding and IP Spoofing Attacks (September 1996) Google Scholar
  29. 29.
    Azrina, R., Othman, R. (n.d.) Understanding the various types of denial of service attack,
  30. 30.
    Park, K., Lee, H.: On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law Internets. In: Proceedings of the ACM SIGCOMM 2001 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pp. 15–26. ACM Press, New York (2001)Google Scholar
  31. 31.
    Peng, T., Leckie, C., Ramamohanarao, K.: Protection from distributed denial of service attack using history-based IP filtering. In: Proceedings of IEEE International Conference on Communications (ICC 2003), Anchorage, AL, vol. 1, pp. 482–486 (2003)Google Scholar
  32. 32.
  33. 33.
    Roesch, M.: Snort-Lightweight Intrusion Detection for Networks. In: Proceedings of the USENIX Systems Administration Conference (LISA 1999), pp. 229–238 (November 1999)Google Scholar
  34. 34.
    Paxson, V.: Bro: A System for Detecting Network Intruders in Real-Time. International Journal of Computer and Telecommunication Networking 31(24), 2435–2463 (1999)Google Scholar
  35. 35.
    Stone, R.: CenterTrack: An IP Overlay Network for Tracking DoS Floods. In: 9th Usenix Security Symposium, pp. 199–212 (August 2000)Google Scholar
  36. 36.
    Burch, H., Cheswick, B.: Tracing Anonymous Packets to Their Approximate Source. In: Proceedings of the 14th Systems Administration Conference (LISA 2000), New Orleans, Louisiana, USA (December 2000)Google Scholar
  37. 37.
    Bellovin, S.M.: ICMP Traceback Messages, Internet Draft, Network Working Group (2000) Google Scholar
  38. 38.
    Mankin, A., Massey, D., Wu, C.-L., Felix Wu, S., Zhang, L.: On Design and Evaluation of Intention-Driven ICMP Traceback. In: Proceedings of Computer Communications and Networks (2001)Google Scholar
  39. 39.
    Wang, B., Schulzrinne, H.: A Denial-of-Service-Resistant IP Traceback Approach. In: 3rd New York Metro Area Networking Workshop, NYMAN 2003 (2003)Google Scholar
  40. 40.
    Kumar, K., Joshi, R.C., Singh, K.: An Integrated Approach for Defending against Distributed Denial-of- Service (DDoS) Attacks. In: Proceedings of IRISS-2006, IIT Madras (2006),

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • A. Srivastava
    • 1
  • B. B. Gupta
    • 1
    • 2
  • A. Tyagi
    • 1
  • Anupama Sharma
    • 1
  • Anupama Mishra
    • 1
  1. 1.Department of Computer ScienceGraphic Era UniversityDehradunIndia
  2. 2.Department of Electronics and Computer EngineeringIndian Institute of Technology RoorkeeRoorkeeIndia

Personalised recommendations