1. Introduction
Network defense is a vast domain that continues to gain attention from the research community. Attack sizes, attacking tools, methods and techniques have evolved tremendously. Traditionally, a network defense system consists of either firewalls or Intrusion Detection Systems (IDSs), which provide a certain level of protection, but attackers can easily bypass these devices by appearing legitimate to the victim. A DDoS attack takes advantage of the critical misalignment of traffic load and resources between the client and server (Gupta & Badve, 2016; Wang et al., 2018; Bhardwaj & Goundar, 2017; Kaushik & Gandhi, 2019). A DDoS attack is an attempt to make an online service unavailable to legitimate users by overwhelming the server with traffic from multiple sources, crippling the speed of the server (Alomari et al., 2016; Almomani et al., 2013; Chhabra et al., 2013; Gupta et al., 2018).
Over the last decade, academics have proposed various solutions, ranging from filtering mechanisms (Kalkan et al., 2016) and overlay-based solutions (Kaur et al., 2017) to capability-based solutions (Liu et al., 2016) and other approaches (De Assis et al., 2017; Rodrigues et al., 2017). Many defense mechanisms exist that offer exceptional protection from a specific type of attack, but we lack a cooperative and distributed defensive mechanism that can be deployed widely across the Internet. Moreover, Internet security is highly driven by the sharing of data related to security breaches and cyber-attacks. Sharing data can help in quantifying cyber risks more effectively (Al Quhtani, 2017; Bredmar, 2017; Pejić Bach et al., 2017; Horvat et al., 2014). Sharing data can also help proactive defense mechanisms learn about previous methods of carrying out attacks. However, organizations have very few incentives to share data (Moore, 2019).
A new record was set in February 2018 when a DDoS attack of size 1.3 Tbps was carried out against GitHub. This record was broken just five days later when a DDoS attack of size 1.7 Tbps was performed against a US-based telecommunication company (Skottler, 2018). It was a memcached attack. A major DDoS attack of size 620 Gbps occurred in 2016, in which a huge network of Internet of Things (IoT) devices was converted into a botnet named MIRAI and used against a company, DYN. Another prominent trend in 2017 was ransom-driven DDoS launched against big enterprises (KSN, 2017). According to a 2017 report from Cisco, the number of DDoS attacks exceeding 1 Gbps of traffic will rise to 3.1 million by 2021. According to “Visual Networking Index Complete Forecast Update, 2015-2020” published by Cisco (Stephanie, 2018), the number of DDoS attacks grew 25 percent in 2015 and will increase 2.6-fold to 17 million by 2020. It is important to understand that a DDoS attack can still be a threat to an enterprise despite all precautionary measures if the enterprise's DNS provider, ISP or hosting service providers are not secured against DDoS attacks (Gupta, 2011; Gupta et al., 2012; Chaudhary et al., 2018).