Authors: Dhairya Patel
The present era is completely dependent on the Internet, which serves as a global information source for all users. Therefore, the availability of the Internet is very important. Distributed denial-of-service (DDoS) is one of the most highlighted and most important attacks of today’s cyber world. This paper mainly focuses on the DDoS attack, which obstructs network availability by flooding the victim with a high volume of illegal traffic, usurping its bandwidth and overburdening it to prevent valid traffic from getting through. We also describe the various types of DoS attack techniques that are inflicted upon ISPs. The aim of this research is to find out the various techniques to prevent these attacks along with their mitigation techniques and to find out any possible solution.
The Internet is defined as an interconnected system of computer networks. The scope of the Internet in day-to-day life is very vast. It provides a wide range of information, services and resources, which allows all sectors to be well linked. As the need for the Internet grows faster with time, various issues arise related to its security. The reason for Internet insecurity lies basically in its design, because the foremost concern was its functionality rather than its security. Hence several types of attacks and threats are a reason for apprehension about the security of the Internet.
The issues related to Internet security are authentication, integrity, availability, confidentiality and non-repudiation. Among all the attacks, DDoS (Distributed Denial of Service) attacks are those which hinder clients and users from accessing the services available to them from the server side. The number of DoS and DDoS attacks on Internet Service Providers has risen sharply in the last several years. Service providers are under tremendous pressure to prevent, monitor and mitigate DDoS attacks directed toward their customers and their infrastructure.
II. INTERNET SERVICE PROVIDER (ISP)
An Internet Service Provider (ISP) provides services for accessing and using the Internet. ISPs may be organized in various forms, such as commercial, community-owned, non-profit, or otherwise privately owned.
The services provided by ISP are as follows:
III. DOS: A MAJOR THREAT TO THE ISPS
The impact of a successful DDoS attack on an ISP is widespread. Site performance is severely compromised, resulting in frustrated customers and other users. Service-level agreements (SLAs) are violated, resulting in costly service credits. The growing dependence on the Internet makes the impact of successful DDoS attacks. A DDoS attack on an ISP results in the following:
The figure shows how a DDoS attack is carried out on an ISP.
a. Point A: This is the entry point of the ISP
b. Point B: This is the exit point of the ISP
c. Point C: This is the entry point to your network
d. Point D & E: This is the area where Anti-DDoS, firewall or IPS/IDS systems reside.
From the above diagram it is quite evident that a DDoS attack may target a single point in your infrastructure, but the repercussions are felt from Point B onwards and can be thwarted at Point B itself.
IV. UNDERSTANDING THE DDOS ATTACK
The interconnectivity among computers on which the World Wide Web relies renders them an easy target for launching Denial-of-Service (DoS) attacks against them. A DoS attack is an attempt to make a machine or network resource unavailable to its future users by indefinitely interrupting or suspending the services of a host connected to the Internet. According to B. B. Gupta et al. (2008), CERT defines the term “Denial of Service” as “Occupancy of limited resource or difficult to renew such as network bandwidth, data structure or memory of a system”.
When many hosts coordinate to flood the victim with an abundance of attack packets, and the attack takes place simultaneously from multiple points, it is called a Distributed DoS (DDoS) attack. Another form of DoS attack is known as DRDoS (Distributed Reflector DDoS). A DRDoS attack is more damaging than a typical DDoS attack.
The graph in Figure 3 shows the percentage of worldwide DoS attack traffic between November 2017 and April 2018, sorted by originating country. It shows that during that period, 30% of DDoS attack traffic originated from the United States.
A. Types of DDoS Attack
B. Based on Q2 2018 DDoS Trends Report: 52 Percent of Attacks Employed Multiple Attack Types
Following are the DDoS Trends and Observations:
3. 52% of the DDoS attacks curbed by Verisign in Q2 2018 employed multiple attack types.
4. The Financial Services industry, representing 43% of mitigation activity, was the most frequently targeted industry for Q2 2018. The second highest number of DDoS attacks was experienced by the IT Services/Cloud/SaaS industry, representing 37% of mitigation activity, followed by the Media and Entertainment industry, representing 20% of mitigation activity.
Fig: 6 Top 3 Industries Targeted
C. Popular DDoS Attack Trends on ISP Network
The major DDoS attacks on ISP networks are network infrastructure attacks. These have a serious impact on the overall operation of the ISP and can create regional or global network outages. These include:
4. The following figure shows that there was a 50% increase in DDoS attacks between 2015 and 2016.
V. DEFENSE CHALLENGES
In spite of the tremendous efforts by researchers and experts to address denial of service, it still remains an unsolved problem.
The various technical and non-technical challenges underlying the inability to mitigate these attacks include:
A. Internet Architecture Related Challenges
B. Miscellaneous Challenges
VI. DEFENCE MECHANISMS
DDoS attacks have become more sophisticated in the last several years as the level of attack automation has increased. Organizations are now increasingly targeted by application-layer DDoS attacks. Fully functional attack software and ready-to-use programs are readily available on the Internet, allowing novice users to launch large-scale attacks with little knowledge.
VII. PROPOSED SOLUTION AND METHODOLOGY
Based on our findings, we recommend some measures to local ISPs to strengthen security against DDoS attacks in an economical manner. These include:
VIII. FUTURE SCOPE
While all tiers of network providers are taking individual precautions, there is a need to unify these efforts. The distributed nature of DDoS attacks can be mitigated by a united effort in which local ISPs provide DDoS protection to customers while connection providers (transit providers) provide DDoS protection to local ISPs. This hierarchical defence structure will cover security loopholes at all levels and will successfully give DDoSers a hard time.
DDoS is becoming a major component of long-term threat campaigns, and the level of attack automation has escalated. ISPs are making several efforts to combat DDoS attacks, but they are still not able to overcome the problem completely; instead, these attacks are likely to pose a bigger danger in future. Several weaknesses, like the distributed and non-uniform architecture of the Internet infrastructure, business policies, privacy policies and return on investment, have lowered the interest of ISPs in eradicating DDoS completely. Instead, DDoS protection is itself growing as a new market. Under such circumstances it seems impossible to completely eradicate DDoS from society. By following the recommendations given in this paper, local ISPs will be able to cope with DDoS attacks more effectively.
Copyright © 2022 Dhairya Patel. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.