Title: A Survey on DDoS Detection and Prevention Mechanism
Authors: Foram Suthar, Nimisha Patel
DOI: 10.12720/jait.14.3.444-453 (https://doi.org/10.12720/jait.14.3.444-453)
Journal: Journal of Advances in Information Technology, Journal Article, published 2023-01-01
JCR: Q4 (Computer Science, Information Systems)
Citations: 0
Abstract
The internet is an obvious target for cyberattacks today. The global internet population grew from 3 billion in 2014 to 4.5 billion in 2020, nearly 59% of the world's population. Attackers constantly look for loopholes and vulnerabilities in internet-connected devices. Over the last decade, Denial-of-Service (DoS) attacks and their distributed variant, Distributed Denial-of-Service (DDoS) attacks, have become more frequent, which makes securing the infrastructure a serious problem for network administrators. Attackers mainly target reputed organizations and industries and try to violate a core property of cyber security: availability. The most commonly performed attack is the TCP SYN (synchronize) flood DDoS attack, which exploits a design weakness in TCP itself. The attacker floods the network with packets, causing the server to crash. It is therefore important to understand the source of a DDoS attack, and a practical, accurate TCP SYN flood detection mechanism is required. Numerous techniques have been proposed for preventing and detecting DDoS flooding attacks, some of which are covered in the literature review. The paper highlights the strengths and weaknesses of the available defense mechanisms. To understand the performance status of the system, we implemented a DoS attack with the hping3 tool. This gives us better clarity in shortlisting and analyzing the parameters for detecting DDoS attacks. We also try to analyze the impact of a TCP SYN attack on the network in DDoS attacks.