A Survey on DDoS Detection and Prevention Mechanism

IF 0.9 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS
Foram Suthar, Nimisha Patel
{"title":"A Survey on DDoS Detection and Prevention Mechanism","authors":"Foram Suthar, Nimisha Patel","doi":"10.12720/jait.14.3.444-453","DOIUrl":null,"url":null,"abstract":"—The internet is an obvious target for a cyberattack nowadays. The population on the internet globally is increasing from 3 billion in 2014 to 4.5 billion in 2020, resulting into nearly 59% of the total world population. The attacker is always looking for loopholes and vulnerabilities of internet-connected devices. It has been noticed from the last decade, there are more Denial-of-Service Attack (DoS) or DoS attacks and their variant Distributed Denial-of-Service (DDoS) or DDoS attacks performed by the attacker. This creates a serious problem for the network administrator to secure the infrastructure. The attacker mainly targets reputed organization/ industries and try to violate the major parameter of cyber security— Availability. The most commonly performed attack by the attacker is a Transmission Control Protocol (TCP) Synonym (SYN) DDoS attack, caused due to the design issue of the TCP algorithm. The attacker floods the packets in the network causing the server to crash. Hence, it is important to understand the source of the DDoS attack. Therefore, a real-life and accurate TCP SYN detection mechanism is required. Numerous techniques have been used for preventing and detecting various DDoS flooding attacks, some of which are covered in the literature review. The paper highlights the strengths and weaknesses of the available defense mechanism. To understand the performance status of the system we have implemented a DoS by the hping3 tool. This gives us better clarity in shortlisting and analyzing the parameters for the detection of DDoS attacks. Also, we try to analyze the impact of TCP SYN attack on the network in DDoS attacks.","PeriodicalId":36452,"journal":{"name":"Journal of Advances in Information Technology","volume":"1 1","pages":""},"PeriodicalIF":0.9000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Advances in Information Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.12720/jait.14.3.444-453","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

—The internet is an obvious target for a cyberattack nowadays. The population on the internet globally is increasing from 3 billion in 2014 to 4.5 billion in 2020, resulting into nearly 59% of the total world population. The attacker is always looking for loopholes and vulnerabilities of internet-connected devices. It has been noticed from the last decade, there are more Denial-of-Service Attack (DoS) or DoS attacks and their variant Distributed Denial-of-Service (DDoS) or DDoS attacks performed by the attacker. This creates a serious problem for the network administrator to secure the infrastructure. The attacker mainly targets reputed organization/ industries and try to violate the major parameter of cyber security— Availability. The most commonly performed attack by the attacker is a Transmission Control Protocol (TCP) Synonym (SYN) DDoS attack, caused due to the design issue of the TCP algorithm. The attacker floods the packets in the network causing the server to crash. Hence, it is important to understand the source of the DDoS attack. Therefore, a real-life and accurate TCP SYN detection mechanism is required. Numerous techniques have been used for preventing and detecting various DDoS flooding attacks, some of which are covered in the literature review. The paper highlights the strengths and weaknesses of the available defense mechanism. To understand the performance status of the system we have implemented a DoS by the hping3 tool. This gives us better clarity in shortlisting and analyzing the parameters for the detection of DDoS attacks. Also, we try to analyze the impact of TCP SYN attack on the network in DDoS attacks.
DDoS检测与防御机制综述
互联网是当今网络攻击的明显目标。全球互联网人口将从2014年的30亿增加到2020年的45亿,占世界总人口的近59%。攻击者总是在寻找联网设备的漏洞和漏洞。从过去的十年中已经注意到,有更多的拒绝服务攻击(DoS)或DoS攻击及其变体分布式拒绝服务(DDoS)或DDoS攻击由攻击者执行。这给网络管理员保护基础设施带来了严重的问题。攻击者主要针对知名组织/行业,并试图破坏网络安全的主要参数-可用性。攻击者最常见的攻击是TCP (Transmission Control Protocol) SYN (Transmission Control Protocol Synonym) DDoS攻击,这是由于TCP算法的设计问题造成的。攻击者使报文在网络中泛滥,导致服务器崩溃。因此,了解DDoS攻击的来源非常重要。因此,需要一种真实、准确的TCP SYN检测机制。许多技术已被用于预防和检测各种DDoS洪水攻击,其中一些在文献综述中有介绍。本文重点分析了现有防御机制的优缺点。为了了解系统的性能状况,我们通过hping3工具实现了一个DoS。这使我们更清楚地列出和分析检测DDoS攻击的参数。同时,我们尝试分析TCP SYN攻击在DDoS攻击中对网络的影响。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Journal of Advances in Information Technology
Journal of Advances in Information Technology Computer Science-Information Systems
CiteScore
4.20
自引率
20.00%
发文量
46
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信