A Survey on DDoS Detection and Prevention Mechanism

Abstract

—The internet is an obvious target for a cyberattack nowadays. The population on the internet globally is increasing from 3 billion in 2014 to 4.5 billion in 2020, resulting into nearly 59% of the total world population. The attacker is always looking for loopholes and vulnerabilities of internet-connected devices. It has been noticed from the last decade, there are more Denial-of-Service Attack (DoS) or DoS attacks and their variant Distributed Denial-of-Service (DDoS) or DDoS attacks performed by the attacker. This creates a serious problem for the network administrator to secure the infrastructure. The attacker mainly targets reputed organization/ industries and try to violate the major parameter of cyber security— Availability. The most commonly performed attack by the attacker is a Transmission Control Protocol (TCP) Synonym (SYN) DDoS attack, caused due to the design issue of the TCP algorithm. The attacker floods the packets in the network causing the server to crash. Hence, it is important to understand the source of the DDoS attack. Therefore, a real-life and accurate TCP SYN detection mechanism is required. Numerous techniques have been used for preventing and detecting various DDoS flooding attacks, some of which are covered in the literature review. The paper highlights the strengths and weaknesses of the available defense mechanism. To understand the performance status of the system we have implemented a DoS by the hping3 tool. This gives us better clarity in shortlisting and analyzing the parameters for the detection of DDoS attacks. Also, we try to analyze the impact of TCP SYN attack on the network in DDoS attacks.