Defence against Distributed denial of service attacks
Abstract
With the rapid development of the internet, computers and networks play a very important role in the world. Although the internet has brought many advantages, it also has many unforeseen weaknesses, such as all kinds of viruses and cyber attacks. The distributed denial of service (DDOS) attack is one typical cyber attack. Because so many techniques are involved in DDOS attacks, it is quite difficult to solve DDOS at the root, so further discussion of the matter is necessary. This essay will present the development status of DDOS, research the methods used to defend against DDOS attacks, and compare the advantages and disadvantages of these techniques. This essay represents
1. Introduction
2. Literature Review
2.1 History of DDOS attack tools
2.2 Related work
3. Analysis of the existing methods to defend against DDOS attacks
4. Future Work and Conclusion
1. Introduction
In order to understand DDOS, it is essential to understand the concept of DOS. DOS describes an attacker's attempt to prevent intended users from accessing computer resources (Travis, nd). The principle of this attack is that the target computer system cannot process instructions coming from legitimate users, because logical service requests are used to occupy an excessive amount of service resources. Because of the development of computer information-processing capability and network technology, it became difficult to launch an effective attack by DOS, and so DDOS came into existence as the situation required. In fact, the DDOS attack was developed by enhancing the DOS technique: several attackers launch attacks on one target computer system at the same time. DDOS is therefore defined as follows: the attacker(s) carry out an attack through a number of controlled hosts on the internet to prevent intended users from accessing computer resources (Keith, 2001).
The multiple machines that have been brought under control for use in a DDOS attack are the core of DDOS. Once an attacker breaks into a system that has security holes and sets up the DDOS attack program on that computer, the attacker has succeeded in getting a daemon. In addition, attackers always use automated tools, which are easy to download from hacker websites, to obtain potential daemons. When the attacker controls enough daemons, a DDOS attack is launched by one command program. Besides improving the effectiveness of the attack, the reason attackers try to get thousands of daemons is to keep their identity hidden (Zhou & Chonka 2007), because all daemons are able to send the attack command and to establish a stepping stone, a new layer that conceals the real attacker (Zhou & Chonka 2007).
The DDOS attack is an intelligent, technical crime, and it will lead to heavy losses of money and time for criminals. DDOS attacks are even carried out with the intent of committing more serious crimes such as fraud, theft and extortion (Enterprise/Salt Lake City, 2005). Moreover, the size and the variety of DDOS attacks constantly evolve (M2pressWIRE, 2007). However, current DDOS defence techniques such as traffic monitoring, congestion control and passive traceback are passive, because all actions based on these techniques are taken after the attacks. Therefore, it is important to keep researching superior active defence mechanisms.
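Traffic monitoring of the kind named above can be sketched as follows. This is an added example, not code from the essay or its sources; the thresholds, function names and sample traffic are assumptions constructed for illustration.

```python
# Added example: traffic-volume and source-IP monitoring over fixed time windows.
# Thresholds, names and the sample traffic are assumptions for illustration.

def monitor(windows, volume_factor=3.0, new_ip_ratio=0.5, alpha=0.3):
    """Return (window_index, reasons) for every window that looks like a flood.

    windows: list of lists; each inner list holds the source IP of every
    packet seen in one fixed-length interval.
    """
    baseline = None   # moving average of packets per window under normal load
    known = set()     # source IPs seen in windows judged normal
    alerts = []
    for i, packets in enumerate(windows):
        count = len(packets)
        sources = set(packets)
        reasons = []
        if baseline is not None:
            if count > volume_factor * baseline:
                reasons.append("volume")
            unseen = len(sources - known) / len(sources) if sources else 0.0
            if unseen > new_ip_ratio:
                reasons.append("new-sources")
        if reasons:
            alerts.append((i, reasons))
        else:
            # Learn only from normal windows, so that attack traffic
            # cannot drag the baseline upward.
            baseline = count if baseline is None else alpha * count + (1 - alpha) * baseline
            known |= sources
    return alerts


def sample_windows():
    """Constructed traffic: three normal windows, then a flood from many hosts."""
    clients = ["192.0.2.%d" % n for n in range(1, 6)]
    normal = [clients * 4, clients * 5, clients * 4]          # 20, 25, 20 packets
    bots = ["198.51.100.%d" % n for n in range(1, 101)]
    flood = [clients * 4 + bots * 3, clients * 4 + bots * 3]  # 320 packets each
    return normal + flood


if __name__ == "__main__":
    for index, reasons in monitor(sample_windows()):
        print("window", index, "flagged:", ", ".join(reasons))
```

The first alert is for window 3, the first window that already carries flood traffic, which shows why the paragraph calls this kind of defence passive.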
2. Literature Review
2.1 History of DDOS Attack tools
DDOS attack tools have a recent history. The first DDOS attack tools, called TCP, UDP, and ICMP flood, worked with minimum bandwidth in 1998. These attacks had the characteristic of combining attacks; however, they had the limitation that they could only be used on a network of fewer than ten hosts (Zaroo, nd). In the next year, multiple attack tools such as trinoo appeared, and attackers could then work together to bring down systems, which means that the ability to attack improved dramatically (Zaroo, nd). In February 2000, this assessment was borne out. Yahoo, Amazon, , CNN, eBay, E*Trade and ZDNet were all hit by DDOS attacks. As a result, all of these companies suffered huge economic losses (Kessler, 2000). In 2001, worms were used to improve the automatic propagation of daemons and to carry out aggressive scanning (Zaroo, nd). In 2003, the notorious SQL Slammer worm exploited a vulnerability in Microsoft SQL Server. Its very high speed of injection increased the damage of DDOS attacks (Zaroo, nd).
2.2 Related work
The damage caused by DDOS attacks is becoming more severe, so it is essential to research more sophisticated defence systems and techniques. So far, passive defence methods have been used to defend against DDOS attacks. However, they are far from enough to protect the victim. Detecting mechanisms and reacting mechanisms are the most common detection methods. Detecting mechanisms mainly include traffic volume monitoring, source IP address monitoring, and packet content analysis. The concept behind these methods is to use statistical analysis to identify an authorized connection (Naim, 2008). Reacting mechanisms mainly include filtering, congestion control, passive traceback and replication. These methods are established to stop DDOS attack from