Open Access  Subscription or Fee Access

Distributed Denial of Service (DDoS) attacks constitutes one of the most important threats and among the hardest security problems in today's Internet of particular concern are Distributed Denial of Service (DDoS) attacks, whose collision can be proportionally severe. A distributed denial of service (DDoS) attack is designed to overpower victims with traffic and put off their network resources from working correctly for their legitimate clients. Recently, there have been an increasing numbers of DDoS attacks against online services and Web applications.  The most common form of DDoS attacks is a packet-flooding attack, in which a large number of apparently legitimate TCP, User Datagram Protocol (UDP) or Internet Control Message Protocol (ICMP) packets are directed to a specific destination. With small or no prior warning, a DDoS attack can easily fatigue the computing and communication resources of its victim within a short period of time. Because of the seriousness of the problem many defense mechanisms have been proposed to conflict these attacks. This paper presents a survey of various DDoS attacks enforced on web applications as well as online services. Moreover, the paper also provides an outline of various defense mechanisms proposed earlier to counter the DDoS attacks. This paper also presents some fundamental ideas to design and develop a system that better handles the DDoS attacks

Bandwidth, Distributed Denial of Service (DDoS) attacks, Traffic Flow, Network Security, and Web Applications.

Jose Nazario, “DDoS attack evolution,” Journals on Network Security, no. 2, pp. 7-10, 2008.

C. Douligeris, and A. Mitrokotsa, “DDoS Attacks and Defense Mechanisms: Classification and State of the Art,” Computer Journal of Networks, vol. 44, no. 5, pp. 643-666, 2004.

J. Mirkovic, and P. Reiher, “A Taxonomy of DDoS Attack and DDoS Defense Mechanisms,” Computer Journal of ACM SIGCOMM, vol. 34, no. 2, pp. 39-53, 2004.

C. Chang, “Defending Against Flooding-Based Distributed Denial of Service Attacks: A Tutorial,” Computer Journal of IEEE Communication Magazine, vol. 40, no. 10, pp. 42-51, 2002.

J. Mirkovic, E. Arikan, S. Wei, R. Thomas, S. Fahmy, and P. Reiher, “Benchmarks for DDOS Defense Evaluation,” in Proceedings of Military Communications Conference, pp. 1-10, Washington, 2006.

Yang Xiang, and Wanlei Zhou, “Protecting web applications from DDoS attacks by an active distributed defense system,” International Journal of Web Information Systems, vol. 2, no. 1, pp. 37-44, 2006.

M. Walsh, M. Vutukuru, H. Balakrishnan, D. Karger and S. Shenker, “DDoS Defense by Offense,” In Proceedings of SIGCOMM'06, pp. 303-314, 2006.

S. Ranjan, R. Swaminathan, M. Uysal, A. Nucci, and E. Knightly, “DDoS-Shield: DDoS-Resilient Scheduling to Counter Application Layer Attacks,” IEEE/ACM Transactions on Networking, vol. 17, no. 1, pp. 26-39, 2009.

S. Khattab, S. Gobriel, R. Melhem, and D. Mosse, “Live Baiting for Service-Level DoS Attackers,” IEEE, The 27th Conference on Computer Communications, INFOCOM 2008, pp. 171-175, 2008.

Jie Yu, Zhoujun Li, Huowang Chen, and Xiaoming Chen, “A Detection and Offense Mechanism to Defend Against Application Layer DDoS Attacks,” Third International Conference on Networking and Services, ICNS, p. 54, 2007.

M. Srivatsa, A. Iyengar, J. Yin, and L. Liu, “Mitigating application-level denial of service attacks on Web servers: A client-transparent approach,” ACM Transactions on the Web, vol. 2, no. 3, 2008.

Shigang Chen, and Qingguo Song, “Perimeter-Based Defense against High Bandwidth DDoS Attacks,” IEEE Transactions on Parallel and Distributed Systems, vol. 16, no. 6, pp. 526-537, 2005.

S. Kumar, “Smurf-based Distributed Denial of Service (DDoS) Attack Amplification in Internet,” Second International Conference on Internet Monitoring and Protection, ICIMP, p. 25, 2007.

Li, and Su-bin Shen, “Packet track and trace back mechanism against denial of service attacks,” The Journal of China Universities of Posts and Telecommunications, vol. 15, no. 3, pp. 51-58, 2008.

Abbass Asosheh, and Naghmeh Ramezani, “A comprehensive taxonomy of DDOS attacks and defense mechanism applying in a smart classification,” WSEAS Transactions on Computers, vol. 7, no. 4, pp. 281-290, 2008.

T. Peng, C. Leckie, and K. Ramamohanarao, “Survey of Network Based Defense Mechanisms Countering the DoS and DDoS Problems,” Computer Journal of ACM Computing Surveys, vol. 39, no. 1, pp. 123-128, 2007.

M. Handley, “Internet Architecture WG: DoS Resistant Internet Subgroup Report,”onlineathttp://www.communications.net/object/download/1543/doc/mjh-dos-summary.pdf. 2007.

Hal Burch, and Bill Cheswick, “Tracing anonymous packets to their approximate source,” In Proceedings of the USENIX Large Installation Systems Administration Conference, pp. 319-327, New Orleans, USA, December 2000.

Stefan Savage, David Wetherall, Anna Karlin, and Tom Anderson, “Practical Network Support for IP Trace back,” Technical report, Department of Computer Science and Engineering, University of Washington, 2000.

K. Kumar, R. Joshi, and K. Singh, “An Integrated Approach for Defending against Distributed Denial of Service Attacks,” http://www.cs. iitm .ernet.in/~iriss06/paper.html, 2002.