The internet has become part of the daily lives of people throughout the world. Some services such as banking, transportation, and healthcare are heavily dependent on it. According to Patrikakis, Masikos, and Zouraraki (2004), the internet is an intricate system of computers that are linked with the intention of creating an easy communication platform.
The frequent use of the internet, like that of other systems, has been associated with problems, one example being Denial of Service (DoS) attacks (Patrikakis, Masikos, & Zouraraki, 2004). Different researchers have looked at how these attacks occur and at the available methods of detection, prevention, and mitigation.
According to Patrikakis, Masikos, and Zouraraki (2004), a Denial of Service attack occurs when individuals or groups of individuals attempt to block the provision of internet services by an internet company to its users. On the other hand, a Distributed Denial of Service attack occurs when the threat originates from multiple sources (Patrikakis, Masikos, & Zouraraki, 2004). This research paper reviews some of the documented methods of detecting, preventing, or mitigating Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.
The prevalence of DoS and DDoS attacks has constantly been on the increase with the increased number of internet users and of people with the skills to initiate such attacks.
The prevalence of these attacks has necessitated increased research, with a number of articles being available on the same. The techniques used are constantly changing to keep up with the pace at which the attackers are changing their own tactics. The articles selected for review in the research paper were those that featured the appropriate methods that are currently in use.
DoS and DDoS attacks take different shapes. Different researchers have described examples of the attacks together with how they may be prevented. The individuals and groups involved in the development of these attack methods have constantly developed tactics for evading any method that is developed to counter them, hence the need for new methods to retain the security of the internet and its users. These methods are discussed below.
Techniques from the Articles
This section looks at the findings from the different articles. Charalampos Patrikakis, Michalis Masikos, and Olga Zouraraki (2004) wrote the first article, which describes the detection, prevention, and mitigation of DoS and DDoS attacks. In this article, the researchers describe the meaning of the internet, DoS and DDoS, and how DoS and DDoS attacks occur (Patrikakis, Masikos, & Zouraraki, 2004).
They discuss the basic mechanisms in the development of the problem before proceeding to examine how they lead to the eventual collapse of services over the internet for a company. Some of the mechanisms in use for detecting, preventing, and mitigating the attacks are also discussed in the article.
One preventive measure that is suggested in the article is the constant update of software in machines (Patrikakis, Masikos, & Zouraraki, 2004). Attacks are described as often occurring in machines that are not frequently updated. According to Patrikakis, Masikos and Zouraraki (2004), the update of software allows machines to work against the malicious attacks with ease.
Users are able to prevent the attacks effectively because updated software reduces the possibility of a machine participating in an attack without its owner's prior knowledge, which makes updating an effective measure of prevention. Observations show that frequently updated machines are better protected.
The second protection measure discussed in the article is the monitoring of any access to the computer, installation of security patches and firewalls, and the adoption of automatic detection systems for intrusion (Patrikakis, Masikos, & Zouraraki, 2004).
According to Patrikakis, Masikos, and Zouraraki (2004), this method causes reduced traffic for offenders, with the machine frequently reporting on its health to a network. The owners are also able to keep track of the machine performance, thus allowing them to make any necessary changes, and hence an effective method of prevention that allows a greater degree of prevention of DoS and DDoS attacks (Patrikakis, Masikos, & Zouraraki, 2004).
The detection measure that is discussed in the article is signature detection, which involves the detection of footprints or signatures that are associated with sources of malicious programs (Patrikakis, Masikos, & Zouraraki, 2004).
The programs matching this signature are denied access to the machine, thus leading to a reduction of attacks. The researchers confirm that the method is effective because it is reliable and easy to utilize, with a better outcome in the detection of attacks as compared to other methods (Patrikakis, Masikos, & Zouraraki, 2004).
Zargar Saman, James Joshi and David Tipper (2013) provide the other article that looks at DoS and DDoS attacks. This article also defines Distributed Denial of Service attacks. It states that they are attempts to disrupt legitimate users of the internet. Besides, it discusses the existing measures for the prevention and mitigation of the same. The first detection mechanism that is stated in the article is the trace back mechanism.
According to Zargar, Joshi, and Tipper (2013), this mechanism involves the tracing of IP packets backward to their real sources instead of to the forged IP addresses. This mechanism allows for detection and tracing of the origin of attackers. It is effective in achieving this goal. According to Zargar, Joshi, and Tipper (2013), the two categories of these mechanisms are packet marking and link testing.
The second detection mechanism stated in the article is the use of network-based mechanisms (Zargar, Joshi, & Tipper, 2013). In these mechanisms, the measures to detect the attacks and the attackers are deployed within the network with the application of routers (Zargar, Joshi, & Tipper, 2013).
In these detection mechanisms, the main example is the use of the route-based packet filtering strategy (Zargar, Joshi, & Tipper, 2013). This measure is effective since it allows the detection of threats while still in the network. The users do not receive the attacks on their machines. The process of detection is automated and more effective.
One of the measures that are used to prevent attacks from the malicious individuals is the Active Internet Traffic Filtering (Zargar, Joshi, & Tipper, 2013).
In this mechanism, the receiver of the services opts to deny traffic to all unrecognized connections while only accepting traffic that is owned by a predetermined network (Zargar, Joshi, & Tipper, 2013). This means that receivers have control over what they can access and/or what gains access to their machines. This measure is effective in prevention of threats since most of the threats are from unrecognized sources.
The third article looks at the results of a survey conducted on the defense mechanisms to counter DoS and DDoS. It looks specifically at the network-based mechanisms (Peng, Leckie, & Ramamohanarao, 2006). One of the detection techniques discussed by Peng, Leckie, and Ramamohanarao (2006) is the MULTOPS scheme that was proposed by Gil and Poletto in 2001.
In this technique, the packet rate is evaluated between a subnet and the host (Peng, Leckie, & Ramamohanarao, 2006). The assumption is that the rate is always proportional. When a disproportion is noted, there is an indication of a likely DoS attack (Peng, Leckie, & Ramamohanarao, 2006). This scheme is useful as it helps detect the possible threats before they cause significant damage. However, some of the attackers have found ways of confusing the process.
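The proportionality check described above, as an added example that is not code from this paper or from the surveyed articles: a flat per-/24 counter table stands in for the multi-level tree that MULTOPS itself uses, and the prefix length, `max_ratio` and `min_packets` values are assumptions chosen for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample: (source, destination, packets) seen at a router in one
# measurement interval. All addresses come from documentation ranges.
FLOWS = [
    ("198.51.100.10", "192.0.2.5", 400),
    ("192.0.2.5", "198.51.100.10", 380),
    ("198.51.100.200", "192.0.2.9", 20),
    ("203.0.113.7", "192.0.2.5", 5000),
    ("203.0.113.9", "192.0.2.5", 4000),
    ("192.0.2.5", "203.0.113.7", 50),
]

def prefix24(addr):
    """Aggregate a host address into its /24 prefix (assumed granularity)."""
    return str(ip_network(f"{addr}/24", strict=False))

def disproportionate_prefixes(flows, protected, max_ratio=3.0, min_packets=100):
    """Return {remote_prefix: (packets_in, packets_out)} for every remote
    prefix whose packet counts to and from the protected network are not
    roughly proportional."""
    protected = ip_network(protected)
    inbound = defaultdict(int)   # remote prefix -> packets sent to protected net
    outbound = defaultdict(int)  # remote prefix -> packets received back
    for src, dst, packets in flows:
        src_in = ip_address(src) in protected
        dst_in = ip_address(dst) in protected
        if dst_in and not src_in:
            inbound[prefix24(src)] += packets
        elif src_in and not dst_in:
            outbound[prefix24(dst)] += packets
    flagged = {}
    for prefix in sorted(set(inbound) | set(outbound)):
        p_in, p_out = inbound[prefix], outbound[prefix]
        if p_in + p_out < min_packets:
            continue  # too little traffic to judge proportionality
        ratio = max(p_in, 1) / max(p_out, 1)
        if ratio > max_ratio or ratio < 1 / max_ratio:
            flagged[prefix] = (p_in, p_out)
    return flagged

if __name__ == "__main__":
    print(disproportionate_prefixes(FLOWS, "192.0.2.0/24"))
```

Traffic that is legitimately one-sided, such as bulk UDP streaming, would also be flagged by this check, so a flagged prefix is a lead for investigation rather than proof of an attack.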
The other detection technique that Peng, Leckie, and Ramamohanarao (2006) discuss in their article is SYN detection, which they state originated with Wang and his colleagues in 2002. This detection method evaluates the ratio of several factors, including SYN, FIN, and RST (Peng, Leckie, & Ramamohanarao, 2006).
This method is as effective as any other method of detecting attacks. Users in the past have often described it as effective. The opinion is that the use of this method in the detection of DoS attacks will be adequate. The use of ratios of different packets according to Peng, Leckie and Ramamohanarao (2006) is effective in the end because many attacks are prevented based on their characteristics (Peng, Leckie, & Ramamohanarao, 2006).
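A sketch of this kind of SYN/FIN/RST comparison, added here as an example and not taken from the paper or the surveyed articles: it counts the three packet types per observation period and accumulates the normalized excess of SYNs over FINs and RSTs. The accumulator (a CUSUM-style running sum), the `offset`, `threshold` and `alpha` values, and both traces are assumptions constructed for illustration.

```python
# Constructed traces: one (syn, fin, rst) packet count per observation period.
ATTACK_TRACE = [(100, 95, 4), (110, 100, 6), (105, 98, 5),
                (900, 90, 10), (1200, 85, 12), (1100, 80, 9)]
BENIGN_TRACE = [(100, 95, 4), (150, 100, 6), (105, 140, 5), (100, 96, 5)]

def first_syn_flood_period(periods, offset=0.35, threshold=1.0, alpha=0.9):
    """Return the index of the first period in which the accumulated excess
    of SYNs over connection closes (FIN + RST) crosses the threshold, or
    None if it never does."""
    baseline = None  # smoothed count of closes, used to normalize the excess
    score = 0.0      # running sum of the excess; never drops below zero
    for index, (syn, fin, rst) in enumerate(periods):
        closes = fin + rst
        if baseline is None:
            baseline = float(max(closes, 1))
        # In normal traffic every opened connection is eventually closed, so
        # the normalized difference stays near zero.
        excess = (syn - closes) / baseline
        # Subtracting the offset lets ordinary jitter drain away instead of
        # slowly adding up to a false alarm.
        score = max(0.0, score + excess - offset)
        if score > threshold:
            return index
        # Update the baseline only from periods that did not raise an alarm.
        baseline = max(1.0, alpha * baseline + (1 - alpha) * closes)
    return None

if __name__ == "__main__":
    print("attack trace:", first_syn_flood_period(ATTACK_TRACE))
    print("benign trace:", first_syn_flood_period(BENIGN_TRACE))
```

The benign trace contains one period with roughly 40% more SYNs than closes; the offset absorbs it, while the sustained imbalance in the attack trace crosses the threshold in the first flooded period.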
The article also discusses some of the prevention measures that may be used for DoS and DDoS attacks. One of the prevention measures that are discussed is the Ingress/Egress filtering, which involves the filtering of traffic that is coming to the local network together with the one that is leaving the same network (Peng, Leckie, & Ramamohanarao, 2006).
In this method, the malicious codes that are involved in the attack are filtered before they make any changes to the local network. This results in the security of the network as a whole (Peng, Leckie, & Ramamohanarao, 2006). This measure is effective in the prevention of DoS and DDoS attacks.
The fourth article was selected based on its relevance to the subject of DoS and DDoS attacks. In this article by John Vacca (2002), the internet service providers (ISPs) are recognized as important contributors towards network security. Their collaboration with customers is recognized as important in this measure.
The article states a number of measures to detect intrusion and DoS and DDoS attacks in networks. The example of a measure that is proposed in the detection of attacks is the use of special software (Vacca, 2002) such as anti-viruses and online software that can filter the threats to the network and its users. This measure is deemed useful.
The next suggested measure is the use of intrusion detection systems (Vacca, 2002). In this particular detection measure, Vacca (2002) confirms that the ISP Company will be efficient in evaluating the magnitude of the threats and use the available resources to counter them. The main example provided is the use of measures such as the specified intrusion detection systems. The measure is effective.
The last article looks at the prevention of DoS and DDoS attacks through cooperation between the ISPs and the companies that form the bulk of their customers (Work Together To Stop DoS Attacks, 2001).
The article states that the attacks may be mitigated through cooperation between the ISPs since they can exchange information on the sources of these attacks and lead to a safer internet (Work Together To Stop DoS Attacks, 2001). The article cites some of the attacks that have occurred, including the damage that they had on the respective organizations.
The other measure that is proposed is the cooperation between customers and the internet service providers. This collaboration is touted as an important way of mitigating the threats posed by these attacks (Work Together to Stop DoS Attacks, 2001).
The author states that networks must evaluate the measures that work in the prevention of attacks, including the network architecture and data access systems (Work Together to Stop DoS Attacks, 2001). These are recognized as important measures in the achievement of total internet security. The article does not mention some of the measures that are specific to the detection of DoS and DDoS attacks. However, it establishes cooperation as an important measure in their prevention.
The internet is an important tool in the daily lives of most individuals. There are institutions that are dependent on it for normal functioning. Developments in security have led to frequent DoS and DDoS attacks, with internet users paying the price. These attacks have necessitated the creation of measures that are aimed at prevention, detection, and mitigation of any threats as discussed in the research paper.
Patrikakis, C., Masikos, M., & Zouraraki, O. (2004). Distributed Denial of Service Attacks. The Internet Protocol Journal, 7(4), 1-13.
Peng, T., Leckie, C., & Ramamohanarao, K. (2006). Survey of Network-based Defence Mechanisms Countering the DoS and DDoS Problems. ACM Transactions on Computational Logic, 2(3), 1-46.
Work Together To Stop DoS Attacks. (2001). Web.
Zargar, T., Joshi, J., & Tipper, D. (2013). Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks. IEEE Communications Surveys & Tutorials. Web.