DDoS Attacks—Analysis and Prevention

  • Conference paper
Innovations in Computer Science and Engineering

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 32)

Abstract

Distributed Denial-of-Service (DDoS) attacks overwhelm the critical resources of a target server in order to deny its services to legitimate clients; they mainly attack availability in the Confidentiality, Integrity, Availability (CIA) triad of Internet-based applications. In this paper, we analyze three major components of DDoS defense mechanisms: DDoS detection, DDoS mitigation, and IP traceback. In the first step, all DDoS attacks need to be detected using any intrusion detection system, in order to pinpoint the exact packet characteristics of the attack. We classify the attack traffic based on these packet characteristics, and the classification can lead to mitigation of the attack. The mitigation scheme applies rate limits and filters the malicious packets. IP traceback is capable of tracing IP packets to their sources without depending on the source address field of the IP header. IP traceback mechanisms are used to identify the true source address and to reject spoofed IP addresses. Finally, we propose a novel mechanism to defend against DDoS attacks at the network layer and the application layer.



Corresponding author

Correspondence to G. Dayanandam.

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Dayanandam, G., Rao, T.V., Bujji Babu, D., Nalini Durga, S. (2019). DDoS Attacks—Analysis and Prevention. In: Saini, H., Sayal, R., Govardhan, A., Buyya, R. (eds) Innovations in Computer Science and Engineering. Lecture Notes in Networks and Systems, vol 32. Springer, Singapore. https://doi.org/10.1007/978-981-10-8201-6_1

  • DOI: https://doi.org/10.1007/978-981-10-8201-6_1

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-8200-9

  • Online ISBN: 978-981-10-8201-6

  • eBook Packages: Engineering, Engineering (R0)
