Information Security

Table of Contents

DoS Attacks

DoS Attacks in Real World

Control Measures for DoS Attacks


DoS Attacks

Cyberattacks have been increasing in frequency and sophistication with the increased usage of digital systems. Attackers use various methods to take an entire system offline, to cause harm, or to retrieve the data held by the organization. Some of the most common cyberattacks include malware, ransomware, phishing attacks, DoS attacks, SQL injection and zero-day exploits. Of these, DoS attacks are a widely used attack method to which systems are highly vulnerable and which can cause problems for client-to-client data transmission (Xu, Fang and Shi 2020). Many industries and organizations have been making use of software and digital systems to work effectively and efficiently. With increasing reliance on digital systems, there has also been an increase in the number of attacks aimed at damaging the memory systems of these organizations or at stealing confidential data. A conventional DoS attack is aimed at preventing users from accessing a particular website. It is executed in such a way that the resources of the website are completely tied up. Many organizations have been exposed to DoS attacks, and they remain among the toughest attacks to counter because it can be very difficult to find the attacker behind them. A typical DoS attack can cause severe damage to the network and its architecture, especially when it is aimed at the central control of the network. In some cases, a DoS attack can even cripple the entire network.
Other issues that a DoS attack can cause include overloading of the network controller, due to which messages transferred as packets get stuck in long queues, an exhausted control plane and an overflow in the switch TCAM memory (Dridi and Zhani 2016). These attacks can be carried out using two methods. The first is to flood the web service so that users take longer to access the website, or so that it crashes. Flooding DoS attacks have been more common than crash attacks. In a flooding DoS attack, the attackers create such a huge amount of traffic to the website that the server can no longer handle it and finally stops working. Flood-type DoS attacks can be further classified into two sub-categories, namely the ICMP flood attack and the SYN flood attack. In an ICMP flood attack, the attackers send spoofed packets of data to every system in the network, leading to a damaged network configuration. In a SYN flood attack, the attackers exploit a vulnerability in the connection sequence followed by TCP. The second method is the crash method, in which attackers make use of bugs that exploit flaws present in a network system. Although many preventive measures have been created to mitigate the effects and the chances of experiencing a DoS attack, internal DoS attacks are still prevalent, as code leading to DoS attacks can be hidden inside the installed software running on digital systems (Chen et al 2018). One of the most common types of DoS attack is the UDP flood. It can be described as a DDoS attack which floods a particular target with User Datagram Protocol (UDP) packets. The main aim of this attack is to flood random ports of a given network host.
As a result, the host is forced to check repeatedly for an application listening on each port and, where there is none, it replies with an ICMP destination unreachable packet, due to which the host's resources become inaccessible. Another common type of DoS attack is the HTTP flood. In such attacks, an attacker exploits HTTP GET and POST requests to attack a web server or an application. These attacks can be described as volumetric attacks which make use of botnets, that is, groups of internet-connected computers each of which has been maliciously taken over with the assistance of malware such as Trojan horses. When HTTP clients such as web browsers talk to applications and servers, they generate a request of one of two types, either a GET request or a POST request. A GET request is used to retrieve standard, static content such as images, whereas a POST request is used to access dynamically generated resources. In such an attack, an attacker forces a server or an application to allocate the maximum possible resources to every single request. The requests sent to the server are crafted to be as processing-intensive as possible. HTTP flood attacks can be classified into four types: session flooding attacks, in which the attacker generates a high number of session initiation requests; request flooding attacks, in which the sessions generated by the attacker contain more requests than those of a general user; asymmetric flood attacks, in which sessions contain large numbers of high-workload requests; and slow request attacks, in which an attacker sends HTTP requests in parts and does not let the request complete (Sreeram and Vuppala 2017).
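The four HTTP flood types above can be expressed as detection rules over per-session counters. The following is an added example, not code from this essay or the cited paper; the thresholds, field names and sample sessions are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Thresholds are illustrative assumptions, not values from the cited paper.
MAX_SESSIONS_PER_SOURCE = 20    # session initiations per source per window
MAX_REQUESTS_PER_SESSION = 100  # upper bound for an ordinary user's session
MAX_HEAVY_SHARE = 0.5           # share of high-workload requests in a session
MAX_REQUEST_SECONDS = 10.0      # time allowed to deliver one complete request

@dataclass
class Session:
    source: str             # client address
    requests: int           # requests seen in the session
    heavy_requests: int     # requests hitting expensive, dynamic resources
    incomplete: int         # requests still unfinished when observed
    slowest_request: float  # longest time spent receiving one request (s)

def classify(sessions):
    """Return {source: sorted flood types observed for that source}."""
    per_source = Counter(s.source for s in sessions)
    findings = {}
    for s in sessions:
        labels = findings.setdefault(s.source, set())
        if per_source[s.source] > MAX_SESSIONS_PER_SOURCE:
            labels.add("session flooding")
        if s.requests > MAX_REQUESTS_PER_SESSION:
            labels.add("request flooding")
        if s.requests and s.heavy_requests / s.requests > MAX_HEAVY_SHARE:
            labels.add("asymmetric")
        if s.incomplete and s.slowest_request > MAX_REQUEST_SECONDS:
            labels.add("slow request")
    return {src: sorted(found) for src, found in findings.items() if found}

# Constructed sample window (documentation address ranges only).
SAMPLE = (
    [Session("192.0.2.10", 3, 0, 0, 0.2) for _ in range(25)]
    + [Session("192.0.2.20", 450, 12, 0, 0.1),
       Session("192.0.2.30", 40, 35, 0, 0.3),
       Session("192.0.2.40", 2, 0, 2, 95.0),
       Session("198.51.100.7", 18, 2, 0, 0.4)]
)

if __name__ == "__main__":
    for source, labels in classify(SAMPLE).items():
        print(source, labels)
```

A source that matches none of the rules, such as the last sample session, is omitted from the result.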

DoS Attacks in Real World

According to Crane (2019), the greatest number of DoS attacks was experienced in 2019, when the number of DoS attacks was up by at least 84% in the first quarter of the year. DoS attacks are expected to grow at a rapid rate, following the success rate of this particular type of cyberattack. Global research has suggested that the number of DoS attacks is expected to almost double by 2022, leading to almost 14.5 million DoS attacks. Cisco, one of the leading companies in the IT and networking sector, has estimated that the size and number of DoS attacks have been on a downward trend ever since the Federal Bureau of Investigation brought down 15 of the most popular websites offering DoS attacks in 2018. Of the many countries experiencing DoS attacks, the United States of America and China remain the top two targets, experiencing 17.5% and 63.8% of attacks respectively. One trend in DoS attacks which has been on the increase is the use of a strategy known as low-intensity incursion, which can degrade the performance of a server over time. Among the many leading organizations and industries facing the threat of DoS attacks, Google has been prone to frequent DoS attacks. As per the Economic Times (2020), Google revealed that its infrastructure had been subjected to a huge 2.5 Tbps DoS attack in 2017, which was one of the largest DoS attacks in terms of bandwidth reported to date, ran over a period of 6 months and made use of multiple methods of DoS attack. The attackers had made use of many networks to spoof almost 167 Mbps so as to send large responses to Google, slowing down its servers. GitHub is a leading platform used by professionals for software development and acts as a repository hosting service.
According to Newman (2018), the company experienced the largest DoS attack aimed at it in 2018. The attack was found to be a 1.3 Tbps attack which caused downtime for the website of approximately 15 – 20 minutes. The growth in the number of IoT devices has also led to an increase in the number of attacks on these devices. Each device present in the network can act as a potential source of DoS attacks. Companies manufacturing IoT devices do not wish to equip these devices with security measures against cyberattacks, as these are linked to increased costs. IoT devices have been prone to distributed DoS attacks, more commonly known as DDoS. A DDoS attack is described as a cyberattack coordinated from many DoS attacks taking place at the same time, targeting compromised devices such as IoT devices, servers, etc. (Huraj, Simon and Horak 2018). Apart from public websites and devices used by individuals, devices used by governments have also been prone to DoS attacks. One such prominent attack was a DDoS attack aimed at the Government of Luxembourg. It targeted the servers used by the Government and caused downtime of more than 24 hours. The usage of botnets, which are used to flood servers with multiple requests, has been a leading form of DoS attack (Irwin 2017). Ransomware has been linked to DoS attacks, as these attacks, commonly known as locker ransomware, restrict the usage of devices and systems. These attacks can also cause changes in the desired operations carried out by IoT devices, leading to monetary losses. An example is damage to devices used in industries, such as thermostats, which can lead to greater energy consumption and thus monetary losses (Yaqoob et al 2017).

Control Measures for DoS Attacks

DoS attacks have been linked to risks of economic loss and loss of reputation for many industries. These attacks can cause many other kinds of damage, as they depend on the countless vulnerabilities of digital systems and internet protocols, leading to a feeling of helplessness for organizations and their users. Implementation of proper tools and safety measures can help reduce and prevent DoS attacks by making use of different vectors to safeguard the potential points of attack. One approach to reducing the chances of a DoS attack is to divide the entire process into sub-processes: attack prevention, attack detection, identification of the attack source and reaction to the attack. Attack prevention stops attacks before they take place by identifying the points in the network which are prone to DoS attacks. Attack detection can be divided into two categories, namely DoS-attack-specific detection and anomaly-based detection. DoS-attack-specific detection techniques scan the network and its devices for any vulnerability which can lead to a DoS attack. Anomaly-based detection techniques scan the system for any deviation in system and network performance from the desired procedure of operation. Attack source identification can be difficult, but advanced IP tracker schemes such as hash-based IP trackers can be used to perform IP tracing. The first step in reacting to a DoS attack is to safeguard the bottleneck resources so as to prevent any further damage. Once these resources are safe, the target organization can focus on restoring partial services of the system (Keshri, Singh, Agarwal and Nandi 2016). According to Rengaraju, Ramanan and Lung (2017), distributed firewalls can be used along with an intrusion prevention system to prevent DoS attacks.
Intrusion prevention systems are developed to act as virus scanners which scan the network systems for unknown intrusions. Most of the intrusion systems used to date are based on signature detection methods. These systems scan for a known identity or signature for each intrusion event. Firewalls, on the other hand, are security systems used to scan and control the traffic entering and exiting a network with the help of predetermined security rules. Together, the firewall and the intrusion prevention system can perform the basic operations of a firewall as well as scan and verify the anonymous packets of data in the network. Such methods can be used against both ICMP and SYN flood type DoS attacks. Many systems also make use of multicore computing, which increases the number of points an attacker can focus on for a DoS attack. Multicore processors make use of non-blocking caches, especially as a shared-level cache, to facilitate simultaneous access to memory from multiple cores. Separate read and write memory bandwidth can be used to counter cache-intensive DoS attacks efficiently while minimizing the performance impact on read-heavy general applications (Bechtel and Yun 2019). Honeypots can also be used to protect devices against DoS attacks. A honeypot is a device which is used to confuse the attacker by mimicking potential targets for cyberattacks. These devices not only lead attackers to believe that the system being attacked is not a dummy system but an actual part of the network, but also help security advisors and organizations to study the types of attack the system is exposed to and to formulate strategies to safeguard systems against such attacks. Honeypots can be implemented in safety protocols for DoS attacks by dividing the procedure into two steps.
The first step is to pass the requests made by clients through the intrusion detection system on their way to the server. The intrusion detection system scans each request for any anomaly and, if one is found, transfers the request to the honeypot while simultaneously saving the information related to the attacker in a log database. The second step is to match the requests received by the intrusion detection system against the logs saved in the first step. If a request matches the data saved in the log, it is blocked; otherwise it is transferred to the server (Anirudh, Thileeban and Nallathambi 2017).
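The two-step honeypot procedure above is sketched here as a small routing simulation. This is an added example, not code from this essay or the cited paper; the class and function names, the rate-based anomaly test, its limits and the sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # assumed sliding window for the anomaly check
MAX_REQUESTS = 5      # assumed per-source request limit inside the window

class Gateway:
    """IDS in front of a server, with a honeypot and an attacker log."""

    def __init__(self):
        self.recent = defaultdict(deque)  # source -> recent request times
        self.attacker_log = {}            # source -> first anomalous request

    def _anomalous(self, source, now):
        # Hypothetical anomaly test: request rate over a sliding window.
        times = self.recent[source]
        times.append(now)
        while times and now - times[0] > WINDOW_SECONDS:
            times.popleft()
        return len(times) > MAX_REQUESTS

    def route(self, source, path, now):
        # Step 2: a request matching the attacker log is blocked.
        if source in self.attacker_log:
            return "blocked"
        # Step 1: an anomalous request goes to the honeypot and is logged.
        if self._anomalous(source, now):
            self.attacker_log[source] = {"time": now, "path": path}
            return "honeypot"
        return "server"

def replay(events):
    """Route constructed (source, path, time) events; return decisions, log."""
    gateway = Gateway()
    return [gateway.route(*event) for event in events], gateway.attacker_log

# Constructed traffic: one source bursts, another browses normally.
EVENTS = [("203.0.113.5", "/login", t * 0.5) for t in range(7)]
EVENTS += [("198.51.100.9", "/index.html", 4.0),
           ("203.0.113.5", "/login", 30.0),
           ("198.51.100.9", "/about.html", 31.0)]

if __name__ == "__main__":
    decisions, log = replay(EVENTS)
    print(decisions, log)
```

The log lookup runs before the anomaly test so that a source logged in the first step stays blocked even after its request rate drops, as the second step requires.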

References for DoS Attacks Mitigation in SDN Networks

Anirudh, M., S. Arul Thileeban, and Daniel Jeswin Nallathambi. 2017. "Use of honeypots for mitigating DoS attacks targeted on IoT networks." 2017 International conference on computer, communication and signal processing (ICCCSP): 1-4.

Bechtel, Michael, and Heechul Yun. 2019. "Denial-of-service attacks on shared cache in multicore: Analysis and prevention." 2019 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS): 357-367.

Chen, Jiyang, Zhiwei Feng, Jen-Yang Wen, Bo Liu, and Lui Sha. 2019. "A container-based dos attack-resilient control framework for real-time UAV systems." 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE): 1222-1227.

Crane, Casey. 2019. “The 15 Top DDoS Statistics You Should Know In 2020.”

Dridi, Lobna, and Mohamed Faten Zhani. 2016. "SDN-guard: DoS attacks mitigation in SDN networks." 2016 5th IEEE International Conference on Cloud Networking (Cloudnet): 212-217.

Economic Times. 2020. “Google stops biggest-ever DDoS cyberattack to date.”

Huraj, Ladislav, Marek Simon, and Tibor Horák. 2018. "IoT measuring of UDP-based distributed reflective DoS attack." 2018 IEEE 16th International Symposium on Intelligent Systems and Informatics (SISY): 000209-000214.

Irwin, Luke. 2017. “Luxembourg government servers hit by DDoS attack.”

Keshri, Anand, Sukhpal Singh, Mayank Agarwal, and Sunit Kumar Nandiy. 2016. "DoS attacks prevention using IDS and data mining." 2016 International Conference on Accessibility to Digital World (ICADW): 87-92.

Newman, Lily Hay. 2018. “GitHub Survived the Biggest DDoS Attack Ever Recorded.”

Rengaraju, Perumalraja, V. Raja Ramanan, and Chung-Horng Lung. 2017. "Detection and prevention of DoS attacks in Software-Defined Cloud networks." 2017 IEEE Conference on Dependable and Secure Computing: 217-223.

Sreeram, Indraneel, and Vuppala, Venkata Praveen Kumar. 2019. "HTTP flood attack detection in application layer using machine learning metrics and bio inspired bat algorithm." Applied computing and informatics 15, no. 1: 59-66.

Xu, Yong, Mei Fang, Peng Shi, and Zheng-Guang Wu. 2019. "Event-based secure consensus of mutiagent systems against dos attacks." IEEE transactions on cybernetics.

Yaqoob, Ibrar, Ejaz Ahmed, Muhammad Habib ur Rehman, Abdelmuttlib Ibrahim Abdalla Ahmed, Mohammed Ali Al-garadi, Muhammad Imran, and Mohsen Guizani. 2017. "The rise of ransomware and emerging security challenges in the Internet of Things." Computer Networks (129): 444-458.
