Technique for Detecting, Preventing or Mitigating DoS or Distributed DoS (DDoS) Attacks (Essay Sample)

Technique for detecting, preventing or mitigating DoS or Distributed DoS (DDoS) attacksNameInstructorInstitutionDate
Technique for detecting, preventing or mitigating DoS or Distributed DoS (DDoS) attacks
Introduction
Both Denial of service attack (DoS) and Distributed denial of service (DDoS) accomplish a single objective of crashing the system and making it inaccessible to users (Mittal, Shrivastava, & Manoria, 2011). Therefore, they basically drain the computing and communication resources of victims. The difference between these attacks is based on the manner in how they are deployed. Hackers initiate DoS attacks from a single internet connection and DDoS from multiple interconnected devices with the aim of either disrupting the network with bogus requests or exploiting identified network vulnerabilities (Mittal et al., 2011). Consequently, systems crash as a result of overwhelming packets of information and degrading the network making it inaccessible to users. Of the two types of attacks, DDoS are difficult to prevent or mitigate because they are deployed over multiple devices hence affecting large junks of information.
There are mainly two types of DoS attacks, which include; Network layer attacks and Application layer attacks. The Network layer attacks are also called the layer 3-4 attacks which represent attempt by hackers or intruders to queue bogus requests to interrupt or compromise the network (Chen et al, 2008). Some of these attacks include the domain name system (DNS) amplifications and User Datagram Protocol (UDP) floods among others. Early mitigation of these attacks is important because their lifespan depends on how long they run without prevention mechanisms. Neither do DDoS and Dos attacks compromise the integrity of information nor extract important information from victims (Chen et al, 2008). They rather disrupt business and cause discomfort among people depending on attacked devices and networks. In this case, their impact is financial loss since customers are unable to either access a website or spend a lot of time transacting through the website.
On the other hand, application layer attacks target either the entire application interface of a network or sections of the network hence making them indistinguishable from common network traffic (Chen et al., 2008). These kinds of attacks present in the form of request per second, where approximately 40-120 requests per second attacks are enough to overwhelm a network. Some of the primary targets of DoS and DDoS attacks include government agencies, banks, and corporate firms. This paper will identify some of the mechanisms for detecting, preventing or mitigating DoS and DDoS to allow customers of frequently targeted firms and agencies to access desired services in time.
Arora and Bansal (2014) conducted an advanced research study on the prevention of DDoS attacks on MANET (mobile ad hoc network) protocols. I chose this research study because it is based on actual DDoS attacks on MANET protocols; with solutions derived from techniques that have been previously used to prevent DDoS attacks. Arora and Bansal (2014)’s study delved deeper into the susceptibility of Ad-hoc networks to DDoS attack. They attributed these security problems to their infrastructure, which is self-configured, hence lacking a centralized administration. The authors stated that MANET lacks a distinct line of defense; thereby, allowing both legitimate network users and hackers to access computing and communication resources. The latter disrupts and degrades these resources.
Arora and Bansal (2014) noted that the most critical challenge to mitigating DDoS attacks in MANET is designing a robust security solution, capable of fending off various DDoS attacks. The research paper highlighted previously recommended mechanisms that use a myriad range of cryptographic techniques to either prevent or mitigate attacks against MANET. Nevertheless, Arora and Bansal (2014) found that cryptographic techniques are not compatible with limited battery power and bandwidth because they require introduction of heavy traffic loads for exchanging and verification of keys. This predisposes ad hoc networks to weaknesses which can be rarely mitigated through wired network security techniques. The researchers looked into profile based detection, specification based detection, and existing solutions as better mechanisms of detecting DDoS attacks in MANET protocols and corresponding techniques of preventing them.
Detection
MANET is susceptible to Flooding attacks, any type of DDoS attack that is based on an extensive attack of traffic (Arora & Bansal, 2014). It aims at congesting victims’ network bandwidth with real-looking but meaningless data, which prevents legitimate IP packets from reaching the victim because it drains the victim’s network bandwidth resources. Therefore, Flooding attack in MANET is an effective denial-of-service attack that aims at preventing victims from accessing all currently proposed on demand mobile network routing protocols (Arora & Bansal, 2014). This kind of attack compromises Ad hoc On Demand Vector (AODV) and other on demand routing protocols. Arora and Bansal (2014) stated that a hacker can deploy the following code to launch a flooding attack:
If(((node-> node Addr)%4)==40)&&(node->nodeAddr<=50))
{
RoutingAodvIniateRREQ(node,destAddr);
}
Arora and Bansal (2014) argued that if the above code is placed in various functions of the aodv.pc file, it will make nodes 0, 4, 8, 12, 16, 20, 24, 28 and others (in this sequence) attack nodes with the responsibility of sending out mass RREQ packets through the entire network to prevent other nodes from building paths with each other.
Malicious Flooding in Specific Target is used to detect flood attacks (Arora & Bansal, 2014). This technique is based on monitoring the total number of packets received on a specific monitored node, over a period of time from a specific point of origin and destination. Therefore, it is a practical approach that can be effectively implemented in an existing ad hoc platform to detect flood attacks by monitoring specific nodes to determine whether all routed packets reach desired destination.
Prevention
Arora and Bansal (2014) stated that mechanisms used to defend ad hoc networks against DDoS techniques fall into local and global categories. Local defense mechanisms are implemented on the victims’ local network or computer without cooperation from any outsiders. Arora and Bansal (2014) asserted that local solutions are categorized into three areas, which include local filtering, changing IPs, and creating client bottlenecks. Local filtering involves filtering packets at the router level, hence stopping them from infiltrating IP packets. Although this might be considered a good way of mitigating flood attacks, it can be ineffective if an attack targets a victim’s network with a heavy traffic, consequently overwhelming the local router, which will in turn overload the filtering software (Arora & Bansal, 2014).
On the other hand, changing IP address is Brand-Aid mechanism that involves changing the IP address of the victim, such that information regarding the change is disseminated to all routers enabling the edge router to drop infected packets once the hacker sends them (Arora & Bansal, 2014). This makes this approach practical in effectively detecting and dropping malicious packets at the edge router. Nevertheless, this mechanism’s effectiveness depends on how soon flood attacks are detected and the rate at which changes to the IP address are made. Lastly, creating client bottlenecks is used to prevent against flood attacks by creating a bottleneck process (process to slow down routing of packets to the slowest point in the data path by allowing multiple users to access computing resources) on the zombie computers (computers on the attacked network) hence limiting their attacking effect.
Arora and Bansal (2014) claimed that DDoS attacks increasingly target weaknesses of a network or internet as whole, hence making local solutions futile. This necessitates the use of global mechanisms which include, but not limited to improving the security of the entire internet, and deploying globally coordinated filters. Re-enforcing security of all networked computers will minimize hacker’s probability of finding enough vulnerability that they could exploit by placing daemon programs to compromise network resources (Arora & Bansal, 2014). In addition, deploying globally coordinated filters prevents the accumulation of malicious attacks on multiple packets. This means that if filters are installed throughout the entire internet, it is easier for victims of attacks to send warnings of detected attacks and filters can stop them from disrupting more packets on the network. This prevents escalation of attacks to lethal proportions. The strength of this method lies in its ability to stop attacks even after they compromised multiple networked computers.
Prasad, Reddy & Rao (2014)’s research article is my second choice of the three research papers about mechanics that could be used to detect, prevent or mitigate DDoS attacks. I chose research paper because it is a peer-reviewed article that was published within the last two years meaning that it conveys information about DDoS detection and prevention mechanisms from research findings and content that was recently put into scrutiny by experts in the field of network security (Solomon, 2007). Therefore, its information on mechanism of detecting and preventing or mitigating DDoS attacks is relevant and warranted with acceptable interpretation.
Prasad, Reddy & Rao (2014) found that the traditional architecture of internet is susceptible to various DDoS attacks, which provide attackers myriad of opportunities to expl...