A Comprehensive Survey on DDoS Attacks and Recent Defense Mechanisms

1. Introduction

Distributed denial of service attack is a brute force attempt by several attacker hosts to completely crash or slowdown one or more victim hosts. DDoS attack overwhelms victim and intermediate network by sending voluminous traffic so as to make target run short of resources (Bhuyan et al., 2014; Gupta et al., 2009). It aims to prevent service providers from being available with resources to legitimate users. A vulnerable service protocol or a network device is exploited to generate traffic or requests are amplified via server for consuming all resources (Gupta, 2011). Figure: 1 illustrates DDoS attack. A DoS attack involves single attacker host and victim while DDoS attack relies on the huge network of compromised systems (Botnet) to attack multiple targets. Unfamiliarity of defenders with multi vector DDoS attacks, for example attackers are using NTP rather than traditional amplification technique to proliferate scale; have resulted in making this problem more complex and unsolved (Incapsula, 2019). Moreover, absolute technical knowledge is not needed as there are so many “on demand” DDoS tools present on Internet to assist naive users for carrying out attack. This attack becomes more hazardous than any other possible attack as it is difficult to detect and easy to carry out. Moreover, predicting the victim host is very difficult as attackers send voluminous legitimate looking packets to exhaust the resources. Problem space of exploring and addressing various types of DDoS attacks is very vast. Further, we are lacking benchmarks for assessing efficiency, robustness and cost to compare various defensive solutions. For example, Software Defined Networking (SDN) is evolving as a new networking platform and this technology has proven very beneficial to detect and filter DDoS attacks. But SDN technology combined with Cloud has open up numerous vulnerabilities for the attackers (Bhushan & Gupta, 2019).

Figure 1.

DDoS attack architecure

Now a days, companies and big firms rely on automation and virtualization (cloud computing) to make their business operations and services more efficient and available. But the security evolution could not keep its pace with this giant transformation of technologies. Vulnerable devices like IoT (Internet of Things) and networking devices are increasing faster than the efforts for securing these devices, making easier for attackers to perform any kind of cyber-attack. All these aspects make us think more about the severity and seriousness of the problem.

Right now, we are no near to robust and comprehensive solution against DDoS attack. We need to think different from mainstream ideas of security. A hybrid solution needs to be developed that can address unpredictable attacks, that can be deployed widely and in which every Internet entity has incentives to participate and cooperate for making Internet a more safer place.