Introduction
The growing adoption and versatility of the Internet has driven an exponential rise in cyber attacks, and attacks in cyberspace have severe impacts on the real world (Ghanbari & Kinsner, 2022). A core threat to cyber security is the Distributed Denial of Service (DDoS) attack (Yang & Hespanha, 2021). DDoS attacks are coordinated attacks on the availability of services on the Internet (Singh & Gupta, 2016): malicious attempts by cybercriminals to make web services, network resources or host machines inaccessible to their intended users through a flood of useless packets. Cloud-hosted servers are highly susceptible to DDoS attacks (Alqahtani & Gamble, 2015; Chaudhary et al., 2018), and the availability of computing resources is a fundamental characteristic of cloud computing alongside its other security requirements (Agrawal & Tapaswi, 2017).
DDoS attacks aim to disrupt networks, applications or web-based services (Dhingra & Sachdeva, 2018). By overwhelming target servers with floods of bogus traffic, they consume resources that would otherwise serve legitimate users. Unlike a traditional Denial of Service (DoS) attack, which is launched from a single machine, a modern DDoS attack uses thousands or millions of zombies, each flooding the server so that legitimate users are denied access to its services. DDoS attacks can easily be launched against web applications, since the underlying operating systems and Internet protocols frequently contain exploitable vulnerabilities.
DDoS attacks are launched through remotely controlled, well-coordinated and widely dispersed zombie devices organised into a botnet (Khalaf et al., 2019). Typically, executing a DDoS attack involves a botmaster identifying vulnerable hosts on a network, compromising them with malware, taking control of them (the attacker runs code on the hosts without the knowledge of their owners), and finally launching the attack (Behal et al., 2019). With evolving technologies such as the Internet of Things (IoT) and cloud computing, malicious agents can launch DDoS attacks of massive volume. These attacks exhaust the processing and connectivity resources of the target systems, resulting in partial or total unavailability (Yusof et al., 2019).
Flooding DDoS attacks can be launched at the Network/Transport and Application layers through protocols such as UDP, ICMP, TCP and HTTP (Sharafaldin et al., 2019). Network/Transport-layer (layer 3/4) DDoS attacks aim to deplete the victim's network resources, such as bandwidth and the processing capacity of routers, thereby disrupting legitimate users' connectivity. Application-layer (layer 7) DDoS attacks, on the other hand, aim to exhaust the server's own resources, such as CPU, sockets, memory and input/output bandwidth, disrupting the processing of genuine users' requests. Application-layer DDoS attacks are now increasingly common (Behal et al., 2021).
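As an added illustration of the layer 3/4 versus layer 7 distinction above, the following Python sliding-window detector labels flooding sources by the layer their protocol targets. This is example code written for this edit, not code from the paper or any of the cited works. The protocol-to-layer mapping, the thresholds, the `(timestamp, src_ip, proto)` record format and the traffic sample are all assumptions constructed for the example; real thresholds must be tuned to the protected service. The example also goes one step beyond the paragraph: besides per-source counts it keeps an aggregate count per layer, which is what catches a distributed flood in which every individual zombie stays below the per-source threshold.

```python
from collections import defaultdict, deque

# Assumed mapping from flood protocol to the layer it targets (taxonomy from the text).
LAYER_OF = {"UDP": "L3/4", "ICMP": "L3/4", "TCP": "L3/4", "HTTP": "L7"}

# Assumed thresholds: packets (L3/4) or requests (L7) per sliding window.
PER_SOURCE = {"L3/4": 100, "L7": 30}   # one loud zombie
AGGREGATE = {"L3/4": 1000, "L7": 300}  # whole botnet against one victim


def detect_floods(records, window=1.0):
    """Sliding-window rate detector over (timestamp_s, src_ip, proto) records.

    Returns (per_source_alerts, aggregate_alerts):
      per_source_alerts: {(src, proto): {"layer": ..., "peak_in_window": n}}
      aggregate_alerts:  {layer: {"peak_in_window": n, "sources": k}}
    Per-source counts catch a single loud zombie; the aggregate per layer
    catches a distributed flood where each bot stays under PER_SOURCE.
    """
    src_win = defaultdict(deque)   # (src, proto) -> timestamps inside the window
    agg_win = defaultdict(deque)   # layer -> (timestamp, src) inside the window
    per_source, aggregate = {}, {}

    for t, src, proto in sorted(records):
        layer = LAYER_OF.get(proto)
        if layer is None:
            continue  # protocol outside the flood taxonomy: ignored here

        # Per-source view: evict timestamps older than the window, then count.
        q = src_win[(src, proto)]
        q.append(t)
        while t - q[0] > window:
            q.popleft()
        if len(q) > PER_SOURCE[layer]:
            entry = per_source.setdefault((src, proto), {"layer": layer, "peak_in_window": 0})
            entry["peak_in_window"] = max(entry["peak_in_window"], len(q))

        # Aggregate view: all sources hitting the victim at this layer.
        a = agg_win[layer]
        a.append((t, src))
        while t - a[0][0] > window:
            a.popleft()
        if len(a) > AGGREGATE[layer]:
            entry = aggregate.setdefault(layer, {"peak_in_window": 0, "sources": 0})
            if len(a) > entry["peak_in_window"]:
                entry["peak_in_window"] = len(a)
                entry["sources"] = len({s for _, s in a})

    return per_source, aggregate


def sample_traffic():
    """Constructed traffic for the example; not a real capture."""
    recs = []
    recs += [(i * 1.25, "10.0.0.5", "HTTP") for i in range(8)]           # legitimate browser
    recs += [(i * 0.1, "10.0.0.6", "ICMP") for i in range(50)]            # modest ping train
    recs += [(2.0 + i / 400, "198.51.100.7", "UDP") for i in range(400)]  # single loud UDP flooder
    recs += [(3.0 + i / 90, "203.0.113.9", "HTTP") for i in range(90)]    # single HTTP GET flooder
    # 60 low-rate bots, 30 UDP packets each inside the same second (1800 in total):
    # every bot stays under PER_SOURCE["L3/4"], so only the aggregate view sees it.
    for b in range(60):
        recs += [(5.0 + (b * 30 + i) / 1800, f"192.0.2.{b + 1}", "UDP") for i in range(30)]
    return recs


if __name__ == "__main__":
    per_source, aggregate = detect_floods(sample_traffic())
    for (src, proto), info in per_source.items():
        print(f"{info['layer']} {proto} flood from {src}: {info['peak_in_window']} in window")
    for layer, info in aggregate.items():
        print(f"{layer} aggregate flood: {info['peak_in_window']} from {info['sources']} sources")
```

With the constructed sample, the per-source view flags the UDP flooder (layer 3/4) and the HTTP flooder (layer 7), while the 60 bots at 30 packets each are invisible per source and only show up as an 1800-packet layer 3/4 aggregate; that gap between the two views is exactly the distributed part of a DDoS attack.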
Despite several research efforts on the detection and mitigation of DDoS attacks, these attacks are increasing in volume and severity (Sangodoyin et al., 2018). Their frequency is rising tremendously, and they have become one of the biggest menaces to Internet-connected systems (Shidaganti et al., 2020). DDoS attacks continually evolve, causing service interruptions that result in huge financial losses (Rios et al., 2021). Popular websites such as Netflix, Twitter, GitHub, Airbnb, PayPal, Spotify, The New York Times, Amazon, eBay, BBC, Reddit, CNN and Yahoo have fallen victim to flooding-based DDoS attacks, with severe impacts on the organizations and their users. An effective defense mechanism against DDoS attacks has yet to be developed by the security community (Gaurav et al., 2022; Khalaf et al., 2019).