ISSN Online: 2320-9801, Print: 2320-9798
Anup Ranekar1, A. R. Bhagat Patil2
International Journal of Innovative Research in Computer and Communication Engineering
Denial of Service (DOS) attacks hinder the availability of a server's services to genuine clients. DOS attacks can cause severe damage to interconnected systems such as web servers, database servers, cloud computing servers, etc. This paper surveys the different defense mechanisms available against denial of service attacks.
KEYWORDS
Denial of Service (DOS), defense mechanisms, network security
I. INTRODUCTION
Network security is a major concern in today's world of interconnected networks. An attack on one node can severely affect other nodes in the network, forcing network traffic to behave abnormally. Servers frequently experience different types of attacks that hamper their performance in the network. The Denial of Service (DOS) attack is one of the most difficult issues to address. In DOS attacks, the attackers consume all of the computing or communication resources that are required to provide internet services. They mislead the server by appearing as legitimate entities in the network. The attackers require very few resources and little bandwidth to carry out the attack. Such DOS attacks can bring down a web server irrespective of its hardware capabilities. As a result, legitimate users cannot get the services they need from the server. Hence it is important to inspect the network traffic for malicious or infected packets. The malicious packets should be separated from the normal ones in order to keep services available to legitimate users or clients. Various defense mechanisms for DOS attacks have been proposed. A brief overview of these defense mechanisms is given in the next section.
II. DEFENSE MECHANISMS SURVEY
DOS defense mechanisms use various approaches to tackle DOS attacks. Some of the surveyed approaches are as follows:
Denial of Service attacks on servers are a major concern of network security in today's world. The DOS attacks aim at the HTTP requests of the clients. Traffic sampling is a technique that partitions the network traffic on the basis of parameters such as packet count, average flow length, identification of the traffic of interest, etc. Jianpeng Zhao, Shize Guo, Kangfeng Zheng, Xinxin Niu and Yao Jiang [1] use traffic sampling, which samples the arriving HTTP requests and registers the traffic characteristics according to scheduled rules. Information such as source IP, source port, destination IP, destination port, protocol type, and start and end time of the HTTP request packet is registered. With the help of the registered information, the attacking traffic is classified by measuring the access time of the content. Zhiyuan Tan, Aruna Jamdagni, Xiangjian He, Priyadarsi Nanda and Ren Ping Liu [9] use Multivariate Correlation Analysis (MCA) for accurate network traffic characterization by extracting the geometrical correlations between network traffic features; a sample-by-sample detection method is used for tackling the DOS attacks. Moreover, traffic can be crafted to produce false positives or false negatives and thereby confuse the server, so such behavior of the network traffic needs to be detected and mitigated. Huizhong Sun, Wingchiu Ngan and H. Jonathan Chao [3] propose the RateGuard system, which deals with such attacks using a leaky-bucket based rate control technique. Cornel Barna, Mark Shtern, Michael Smit, Vassilios Tzerpos and Marin Litoiu [25] use false-positive and false-negative rates for mitigating model-based attacks.
Authentication is one of the major issues for a server in deciding which users are legitimate. Client puzzles help the server with authentication and association. The server sends a puzzle to the requesting client; after solving the puzzle successfully, the client is able to access the services on the server. The puzzle should be time dependent so that the client gets only limited time to solve it. Zhang Laishun, Zhang Minglei and Guo Yuanbo [4] propose a lightweight mechanism to defend against DoS attacks on 802.11 networks: client puzzles are implemented on the access points in WLANs in order to defend against resource depletion attacks. Yaohui Lei, Samuel Pierre and Alejandro Quintero [5] propose client puzzles based on partial collisions in hash functions, which make fine-grained control over the puzzle difficulty possible and are useful for access control. Mudhakar Srivatsa, Arun Iyengar, Jian Yin and Ling Liu [26] proposed a client-transparent technique: they embed an authentication code in the port number field of the TCP packet and use IP-level filtering to counter DOS attacks.
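The time-bound, partial-hash-collision client puzzle described above, as an added illustration that is not code from any of the cited papers. It assumes SHA-256, a difficulty of 12 leading zero bits, a 5 second solving window and an HMAC tag so the server can verify puzzles statelessly; all of these parameters are the example's own choices.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Assumed parameters (not from the survey): 12 leading zero bits of SHA-256
# (about 2**12 hashes of client work per request) and a 5 second window.
DIFFICULTY = 12
PUZZLE_LIFETIME = 5.0
SERVER_KEY = os.urandom(32)  # server secret; clients cannot forge puzzles

def _leading_zero_bits(digest: bytes) -> int:
    return 256 - int.from_bytes(digest, "big").bit_length()

def _puzzle_bytes(puzzle: dict) -> bytes:
    # Canonical encoding shared by issuer, solver and verifier.
    return f"{puzzle['client_id']}|{puzzle['nonce']}|{puzzle['expiry']:.3f}".encode()

def issue_puzzle(client_id: str, now: Optional[float] = None) -> dict:
    """Server side: bind a fresh nonce and an expiry to the client and MAC them."""
    now = time.time() if now is None else now
    puzzle = {"client_id": client_id, "nonce": os.urandom(8).hex(),
              "expiry": now + PUZZLE_LIFETIME}
    puzzle["tag"] = hmac.new(SERVER_KEY, _puzzle_bytes(puzzle), hashlib.sha256).hexdigest()
    return puzzle

def solve_puzzle(puzzle: dict, max_tries: int = 1 << 24) -> Optional[int]:
    """Client side: search for a counter whose hash has DIFFICULTY leading zero bits."""
    prefix = _puzzle_bytes(puzzle) + b"|"
    for counter in range(max_tries):
        digest = hashlib.sha256(prefix + str(counter).encode()).digest()
        if _leading_zero_bits(digest) >= DIFFICULTY:
            return counter
    return None

def verify_solution(puzzle: dict, counter: int, now: Optional[float] = None) -> bool:
    """Server side: one hash and one MAC; rejects expired or forged puzzles."""
    now = time.time() if now is None else now
    if now > puzzle["expiry"]:
        return False  # solving window elapsed; a late answer earns nothing
    expected = hmac.new(SERVER_KEY, _puzzle_bytes(puzzle), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, puzzle["tag"]):
        return False  # this puzzle was not issued by us
    digest = hashlib.sha256(_puzzle_bytes(puzzle) + b"|" + str(counter).encode()).digest()
    return _leading_zero_bits(digest) >= DIFFICULTY
```

The asymmetry is the point: the client spends about 2**DIFFICULTY hashes while the server spends one, so raising DIFFICULTY under load throttles request rate without keeping per-client state.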
DOS attacks also aim at TCP, ICMP, UDP, etc.; mostly flood attacks are sent over these protocols. Thresholds are used to detect such flood attacks and defend against them. Alberto Compagno, Mauro Conti, Paolo Gasti and Gene Tsudik [6] propose the Poseidon framework, which mitigates distributed denial of service attacks. Interest flooding in named data networks (NDN), which exploits the key architectural features of NDN, is mitigated by setting up a threshold that limits the rate of incoming interests from an interface. Chin-Ling Chen and Chih-Yu Chang [8] implement a two-tier coordinated defense scheme against distributed denial of service attacks that uses flood detection by threshold together with online monitoring. Katerina Argyraki and David R. Cheriton [41] presented a network layer defense against internet bandwidth flood attacks: they propose the AITF protocol, which performs network layer filtering and effectively tackles flooding attacks. Yu Ming [43] also proposed a defense mechanism for SYN flooding attacks; he calculated the probabilities of successful connection establishment and built an analytical model that drops the flood based on the calculated probabilities. Vahid Aghaei Foroushani and A. Nur Zincir-Heywood [49] use the spoofed IP addresses in their traceback-based defense mechanism against DDOS flooding attacks. Tian Zhihong, Jiang Wei, Wu Zhen and Zou Xin [47] used a rate limiter scheme for defending against DDOS attacks. Cliff C. Zou, Nick Duffield, Don Towsley and Weibo Gong [30] presented an adaptive defense system against the SYN flood DDOS attack; hop count filtering is used for mitigating the SYN flood DDOS attack, and they also used probabilistic marking against internet worm infection.
Packet fields are used to inspect packets for malicious content, and a flow table can be generated from the packets to handle the incoming attacks from the attacker. Jalal Atoum and Omar Faisal [11] use a packet reflector and a graveyard that drops the malicious packets after they are confirmed through the detection analysis and traffic controlling phases. Ahmad Sanmorino and Setiadi Yazid [12] use the flow pattern of the packets to mitigate DDoS attacks. Ritu Maheshwari, C. Rama Krishna and M. Sridhar Brahma [13] use the DPHCF-RTT technique, a probability-based packet filtering technique against IP spoofing based distributed DOS attacks. Biswa Ranjan Swain and Bibhudatta Sahoo [23] use a more probabilistic approach for mitigating distributed DOS attacks based on TTL hop count filtering. Bharathi KrishnaKumar, P. Krishna Kumar and R. Sukanesh [17] use a hop count based packet processing approach to counter DDoS attacks. Changwang Zhang, Jianping Yin and Zhiping Cai [2] proposed the Resilient SFB (RSFB) algorithm against spoofing DDoS attacks. Moreover, Linlin Qin, Yong-ping Zhang and Qing Chang [18] employed probabilistic packet marking and deterministic packet marking schemes as defense mechanisms. Ashok Singh Sairam, Ashish Subramaniam and Gautam Barua [40] proposed a single packet filtering technique based on DERM (deterministic edge marking); hash chains are used to provide authentication for secure transmission of the information. Ruiliang Chen, Jung-Min Park and Randolph Marchany [36] proposed a defense mechanism based on a divide and conquer strategy for DDOS attacks; they implemented a model that uses both pushback and packet marking concepts.
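The TTL hop count filtering cited above ([17], [23], [30]), as an added example that is not code from any of those papers. It assumes the usual initial TTL values 32, 64, 128 and 255, a table of expected hop counts learned from attack-free traffic, and constructed sample packets using documentation-range addresses.

```python
from collections import Counter

# Initial TTL values common operating systems use; HCF's assumption, not
# something the survey states. The receiver infers hops = initial - observed.
INITIAL_TTLS = (32, 64, 128, 255)

def hop_count(ttl: int) -> int:
    """Infer how many hops a packet travelled from the TTL seen at the receiver."""
    if not 0 <= ttl <= 255:
        raise ValueError("TTL must fit in one byte")
    initial = next(i for i in INITIAL_TTLS if ttl <= i)
    return initial - ttl

class HopCountFilter:
    """Source IP -> expected hop count, learned while no attack is in progress."""

    def __init__(self, tolerance: int = 1):
        self.table = {}
        self.tolerance = tolerance  # absorb small route changes

    def learn(self, src_ip: str, ttl: int) -> None:
        self.table[src_ip] = hop_count(ttl)

    def check(self, src_ip: str, ttl: int) -> str:
        """Return 'accept', 'spoofed' or 'unknown' (no learned entry yet)."""
        expected = self.table.get(src_ip)
        if expected is None:
            return "unknown"
        return "accept" if abs(hop_count(ttl) - expected) <= self.tolerance else "spoofed"

def filter_packets(hcf: HopCountFilter, packets):
    """Classify (src_ip, ttl) pairs; return verdict counts and the packets dropped."""
    verdicts, dropped = Counter(), []
    for src_ip, ttl in packets:
        verdict = hcf.check(src_ip, ttl)
        verdicts[verdict] += 1
        if verdict == "spoofed":
            dropped.append((src_ip, ttl))
    return verdicts, dropped

# Constructed sample traffic using documentation-range addresses.
LEARNED = [("203.0.113.7", 52), ("198.51.100.9", 115)]  # 12 and 13 hops away
PACKETS = [("203.0.113.7", 52),    # genuine
           ("203.0.113.7", 51),    # genuine, one extra hop after a route change
           ("203.0.113.7", 247),   # spoofed: the real sender is only 8 hops away
           ("198.51.100.9", 115),  # genuine
           ("192.0.2.1", 60)]      # never seen before: HCF cannot judge it
```

A spoofer whose own hop count happens to match the impersonated address escapes this check, and sources absent from the table fall through as unknown, so HCF complements rather than replaces the threshold and flow-based filters described in this section.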
A network processor's ability to process large volumes of network traffic can be used to control the network traffic. Li Xinlei, Zheng Kangfeng and Yang Yixian [45] used this concept and proposed a defense scheme based on the network processor. The mechanism utilizes the processing ability of the network processor to divide traffic into different types and then uses a QoS mechanism for stable communication. Thomas Dubendorfer, Matthias Bossardt and Bernhard Plattner [31] used the capability of a network traffic processing device and proposed an adaptive distributed traffic controlling system for mitigating DDOS attacks.
DDoS attacks are more serious, and to respond to this threat it is important to test and evaluate such attacks. Testbeds can be used for the testing and evaluation of DDoS attacks. Song Ning and Qiu Han [19] describe the design and implementation of a DDoS attack defense testbed; OPNET and VMware Workstation are used in co-simulation of the attacking and defending methods. B.S. Kiruthika Devi, G. Preetha and S. Mercy Shalinie [20] proposed an Interface Based Rate Limiting (IBRL) algorithm that mitigates DDoS attacks. The implementation is carried out on an experimental testbed built from Linux machines and virtual routers.
Routers can be used to mitigate DOS attacks far from the server so that the network traffic cannot build up at the server end. D. Yau, J. Lui and F. Liang [16] proposed a router throttle mechanism which is installed at the routers close to the victim. These routers proactively regulate the incoming packets to a moderate level, thus reducing the amount of flooding traffic toward the victim. Haining Wang and Kang G. Shin [21] propose a protection mechanism based on transport-aware routers. A fine-grained quality of service (QoS) classifier is used that effectively reduces the vulnerability to DDoS attacks by differentiation and isolation of resources. Md. Khamruddin and Ch. Rupa [37] proposed a rule-based DDOS mitigation scheme that uses the upstream routers to control the network traffic; they focus on forwarding the normal traffic to the legitimate machines and dropping the abnormal traffic. Nam-Seok Ko, Sung-Kee Noh, Jong-Dae Park, Soon-Seok Lee and Hong-Shik Park [32] proposed an anti-DDOS mechanism: they added an authorization flag to the flow state information and control the traffic according to the authorization status in flow-based routing.
IP traceback techniques can be used to defend against DOS attacks. Most of the proposed IP traceback techniques are based on packet marking and logging. S. Malliga and A. Tamilarasi [38] presented a deterministic packet marking scheme that keeps track of the routers in the network involved in forwarding the packet and marks them using modulo division; this scheme needs very little packet logging. Yang Xiang and Wanlei Zhou [46] used a large-scale IP traceback defense mechanism: they proposed flexible deterministic packet marking as a countermeasure for DDOS attacks. Scheduling can also be used to mitigate DOS attacks. Euijin Choo, Heejo Lee and Wan Yeon Lee [39] proposed a defense mechanism for motion-based DOS attacks using a dynamic multimedia scheduling scheme; multimedia applications with multiple queues are also handled by two queue schedulers. Fei Wang, Xiaofeng Hu, Xiaofeng Wang, Jinshu Su and Xicheng Lu [27] analyzed traffic patterns and their relationship with DDOS attacks; based on this analysis, they estimate traffic aggregates and use them for unfair rate limiting against DDOS attacks. Nen-Fu Huang, Chia-Nan Kao, Hsien-Wei Hun, Gin-Yuan Jai and Chia-Lin Lin [28] used data mining for in-depth network security: they employed data mining to analyze the alerts from the system and accordingly set thresholds to counter DDOS attacks. Xiaosong Lou, Kai Hwang and Yue Hu [29] proposed the AIP protocol to tackle DDOS attacks in peer-to-peer networks; they enhanced file indexing with peer accountability to defend against index poisoning attacks.
Security in virtual networks is an important issue. Chun-Jen Chung, Pankaj Khatkar, Tianyi Xing, Jeongkeun Lee and Dijiang Huang [10] propose an intrusion detection system that uses virtual topology attack graphs to counter attacks in clouds. On the basis of the attack graphs, countermeasures can be selected in terms of cost, intrusiveness and effectiveness. Jerome Francois and Issam Aib [22] use the FireCol mechanism for detecting attacks and propose virtual protection shields for mitigating the attacks by blocking the attack-related source IPs.
Many address-switching protocols have been presented for limiting the effectiveness of DOS attacks; Shim6 is one example of such a protocol. Xiangbin Cheng, Jun Bi and Xing Li [42] proposed a swing defense mechanism based on Shim6: as soon as malicious traffic is detected, the server automatically changes its address. False data injection attacks can prove fatal to security-related systems. Suzhi Bi and Ying Jun (Angela) Zhang [48] presented graphical methods against false data injection attacks; they implemented algorithms based on a variant of the Steiner tree. Qingyu Yang, Jie Yang, Wei Yu, Dou An, Nan Zhang and Wei Zhao [50] proposed spatial- and temporal-based detection schemes for false data injection attacks. Markus Goldstein, Christoph Lampert, Matthias Reif, Armin Stahl and Thomas Breuel [33] used history-based IP filtering; they applied Bayes optimal filtering of network packets to mitigate DDOS attacks.
Mohit Mehta, Kanika Thapar, George Oikonomou and Jelena Mirkovic [34] combined two defense systems, Speak-up and DefCOM, to counter DDOS attacks. Wei Ren, Hai Jin and Tenghong Liu [35] proposed a defense scheme for mobile ad hoc networks; they use packet receiving frequency, channel sensing busy frequency and retransmission count to detect abnormal packets, which are then dropped according to a threshold. This is the era of 3G cellular networks, and new network architectures are being designed and implemented efficiently; these new networks are susceptible to a new kind of DOS attack. Zhizhong Wu, Xuehai Zhou and Feng Yang [44] proposed a randomization method for such attacks. They focused on DOS signaling attacks by introducing a randomization degree into the architecture of 3G networks.
III. CONCLUSION |
The defense mechanisms for DOS attacks were reviewed in the survey section above. Some of them are suited to direct attacks and some to protocol attacks; some are costly, and some are complex or difficult to implement. More efficient mechanisms can be built in terms of performance and time.
References