Distributed Denial of Service Attacks

In today's internet era, one of the major threats and hardest security problems to address is the Denial of Service (DoS) attack. Of prime concern are Distributed Denial of Service (DDoS) attacks, which multiply the effectiveness of a DoS attack significantly. A DDoS attack has such a severe impact that it can exhaust the computing and communication resources of its victim within a very short time and with no advance warning. The goal of the paper is to study various structural approaches to the DDoS problem by classifying DDoS attacks and developing various defense mechanisms. We focus on the various intrusion detection techniques that are deployed and compare them along different parameters for their effectiveness in detecting novel attacks.

What we did

We studied the different intrusion detection systems that can be deployed in a network to counter such novel attacks by learning their behavior over a period of time. The data mining approach constructed very accurate detection models based on audit data but failed to address novel attacks such as DoS. Merging audit data from different sites is still not possible due to legal constraints, so there is a need for correlation algorithms capable of merging alarms (i.e. detection outcomes) from different sources. Emergent self-organizing maps were very powerful in producing efficient results, with accuracy close to 99%. Their prime disadvantage, high computational cost, was balanced by performing the training process only once. The hybrid intelligent system incorporated the advantages of neural-network learning and fuzzy inference to address the problem of recognizing novel attacks accurately and efficiently.

One of the benefits of classifying DDoS attacks and defense mechanisms is that effective communication and cooperation between researchers can be achieved, which will help in identifying additional weaknesses that might be exploited in the future, as explained by Jelena et al. There is also a need for the research community to develop common metrics and benchmarks for DDoS defense evaluation.