Authors: Raj Kumar Patel, Dr. Lalan Kumar Singh , Dr. Narendra Kumar
In the current environment, cloud computing has developed into a commercial technology that enables users to quickly access resources via the internet on a pay-per-use basis. The customer receives these resources in the form of services. The three service models offered by the cloud are infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). As a result of the enormous improvement in cloud computing technology, it is now widely employed by a variety of business and industry applications; enterprise organizations have committed to multi-cloud designs, and most IT expenditure is now cloud-based. However, security is the main issue that requires more attention. Recent research indicates that resource availability is the main security issue that cloud users must deal with, and the distributed denial of service (DDoS) attack is the main cause of this availability problem. A DDoS attack is a more advanced form of denial of service (DoS). The internet is used by everyone, not just researchers, to share knowledge, and all information is transmitted over it to any location in the world. As a result, the internet needs to be more dependable, secure, and safe. The number of attacks has increased exponentially with the growth of the internet. Among all attacks, DDoS is the most disruptive and intensive attack for exhausting a network's resources or bandwidth. In this study, we look at various DDoS attack types, their tactics, and the associated defences. Several DDoS defence tactics, such as detection, defence, and mitigation, are explored in this study as well.
I. INTRODUCTION
Computer network technology is crucial for many applications, so security is crucial for these applications as well. Although network security is a major requirement in expanding networks, there are not many security measures that can be quickly put into place.
Since there is a communication gap between those who develop network security technologies and those who develop networks, there are various gaps in network security. Network design is an established procedure, based mostly on the Open Systems Interconnection (OSI) model. The OSI model has several benefits for network architecture: it provides flexibility, modularity, usability, and protocol standardization.
Any attempt to compromise the security of the data held by an organization is considered a security attack. These attacks can be classified in numerous ways. Some attacks aim to discover information about the system or its personnel. Others are employed to obstruct the system's intended operation. Some attacks consume the system's resources to their fullest extent. Security attacks can be divided into active and passive attacks.
The protocols used at the various OSI layers are simple to integrate into a stack, which enables modular development. An individual layer's implementation can be altered later without requiring changes elsewhere, which gives network development flexibility. Secure network design is a less developed discipline than network design in general: there is no established methodology for managing the complexity of security requirements, so secure network design does not enjoy the same benefits as regular network design. When thinking about network security, it must be emphasized that the network as a whole has to be secure.
While data is being transmitted, the communication route between the two parties should not be exposed to security breaches. An attacker in the middle of the network might attack the communication channel, capture the data, decode it, and then re-insert a forged message.
Denial of service attacks have the potential to disconnect web servers from the Internet. Such attacks flood the target from many kinds of devices, which poses a serious threat to cyber security.
DDoS attacks can take many different shapes. For application-layer attacks, pattern identification for attack detection usually takes place in the details of the received packets.
No matter how large the bombardment, the fundamental concept remains the same: overburden a server with more requests than it can handle, and keep doing so until it crashes or becomes unresponsive. Repairing the resulting service outage commonly takes hours, which can be very costly.
A DDoS attack severely constrains data transmission: a tremendous influx of packets from thousands of infected computers arrives at the victim, which as a result struggles to keep essential infrastructure running.
A botnet is a collection of tens of thousands of infected computers, typically belonging to ordinary users, that is built or rented by a criminal organization; this is how a DDoS attack is currently organized. DDoS poses a serious security risk, is the topic of continuous research, and is a threat that continues to grow.
DDoS attacks are a severe risk to data centers, and many safety precautions were put in place between 2003 and 2021. DDoS intrusions have been reduced by managing the complex interactions between many defences and techniques. However, this results in very complex processes that are challenging to predict and keep track of, because the software and infrastructure involved have grown greatly. We set out to address these issues by identifying gaps in the assessment and application of these solutions through a literature review and a mapping analysis.
II. DEFINING DISTRIBUTED DENIAL-OF-SERVICE ATTACK
A distributed denial-of-service (DDoS) attack is a sort of attack in which the perpetrator multiplies the impact of an attack by launching it from a significant number of computer agents against the victim. Before attacking, the attacker gains remote access to a sizable number of computers. By using hacking techniques or malicious code insertion, the attacker exploits these computers' vulnerabilities to take over and control them. These machines are typically referred to as zombies, and the collective of zombies is called a botnet.
The size of the botnet determines how powerful the attack will be: the larger the botnet, the more devastating and severe the attack. Within the botnet, the attacker designates handlers that carry out control tasks, relaying all instructions to the zombies as well as information about the victim that they learn from the zombies. Each handler is accompanied by a group of zombies, and these handlers interact with both the zombies and the attacker.
Zombies and handlers are computers on the public network, but their users are unaware that they are part of a botnet. A DDoS attack is launched from numerous computers: the attacker mounts a coordinated DoS assault against one or more target systems, using many unwitting PCs as the attack platform and exploiting client-server technology to maximise the impact of the DoS. The main DDoS master application is loaded on one of the PCs, reached through a stolen account.
At a specific time, the master software connects with any number of agent programs installed on computers in various locations. The agents launch the attack after receiving the order. Using client-server technology, the master software placed on a single machine can quickly start hundreds or thousands of agent programs.
III. MECHANISM OF DISTRIBUTED – DOS ATTACKS
DDoS attacks are coordinated large-scale internet attacks launched from a huge number of compromised computers. Using client-server technology, the source attacker can significantly boost the effectiveness of the denial of service by utilizing the capabilities of many unwitting helper computers.
When given orders from a machine (the master) under the attacker's control, a set of machines (agents) conducts a DDoS attack by sending packets to a victim host. The agents are organized in two tiers: master agents, which the attacker controls directly, and slave agents beneath them. The attacker sends an attack order to the master agents, forcing them to wake from their resting state; this activates the attack processes on the master agents.
Through those processes, the master agents then send attack commands to the slave agents, instructing them to conduct a DDoS assault on the target. In this way the target is bombarded with a large number of packets from the agent computers (slaves), overloading the target's system and exhausting all of its resources.
IV. MAIN MOTIVE BEHIND THE DDOS ATTACKS
Although there may be a wide range of motivations or intentions behind DDoS attacks, we have included some of the most significant and common ones below.
V. OUTLINING VARIOUS TYPES OF DDOS ATTACK
Hundreds of DDoS attacks have already been reported in various parts of the world, and the number is rising daily. A DDoS attack can be launched using a variety of methods; however, all types of DDoS attacks can be grouped into the following three broad categories.
VI. LITERATURE REVIEW
The largest risk associated with DDoS attacks is the volume of packets, not their content. The main problem with these attacks is the degradation of standard network protocols, and flooding DDoS attacks are a problem for contemporary network topologies. In order to analyse and select some of the top prevention and detection strategies to discuss in this review, we read more than 45 papers in total.
8. Giotis et al. (2014) successfully identified DDoS attacks, port scans, and worm propagation using a well-known entropy-based approach. Flow-level traffic parameters, namely the source and destination IP addresses and the source and destination ports, are used to spot irregularities: thresholds on changes in the entropy values of these fields are used to identify anomalies.
9. A distributed IDS system was presented by Hu et al. in 2013. This IDS finds network attacks using an event processing engine whose parts include a sub-controller, an event bus, an event channel, and hyper-controller logic. The hyper-controller is responsible for synchronizing the sub-controllers and for spotting any malicious traffic flow that was buffered from an event channel and sent across the event bus. Building on the programmable (SDN) aspect of the technology, Skowyra released a learning IDS that has the adaptability to change network state in response to malicious intent.
10. In the context of the cloud computing environment, Masdari et al. (2016) examined DDoS attack types, including new attacks on virtual machines and hypervisors. The authors also cover well-known network protection techniques and cloud-specific DDoS defences.
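The entropy-based detection summarized in item 8 can be made concrete with a small worked example. The following Python is an added illustration written for this review; it is not code from the paper or from Giotis et al. The flow records are constructed, not captured; the feature set (source and destination IP, source and destination port), the normalisation by log2 of the window size, the "k standard deviations with a floor" threshold, and the mapping from entropy shifts to attack classes (flood, port scan, worm) are all assumptions chosen for illustration and would need tuning on a real network.

```python
"""Entropy-based flow anomaly detection, in the style of Giotis et al. (2014).

Added example, not code from the paper or from Giotis et al. The flow records,
the feature set, the threshold rule and the attack signatures are assumptions.
"""
import math
import random
from collections import Counter

FEATURES = ("src_ip", "dst_ip", "src_port", "dst_port")


def normalised_entropy(values):
    """Shannon entropy of the sample, scaled to [0, 1] by log2(sample size).

    0 means every flow carried the same value (e.g. one victim address);
    1 means every flow carried a distinct value (e.g. fully spoofed sources).
    """
    n = len(values)
    if n <= 1:
        return 0.0
    h = -sum(c / n * math.log2(c / n) for c in Counter(values).values())
    return h / math.log2(n)


def feature_entropies(window):
    """Entropy of each flow field over one window of flow records."""
    return {f: normalised_entropy([flow[f] for flow in window]) for f in FEATURES}


def baseline(benign_windows):
    """Per-feature mean and standard deviation of entropy over benign windows."""
    ents = [feature_entropies(w) for w in benign_windows]
    stats = {}
    for f in FEATURES:
        vals = [e[f] for e in ents]
        mean = sum(vals) / len(vals)
        std = math.sqrt(sum((v - mean) ** 2 for v in vals) / len(vals))
        stats[f] = (mean, std)
    return stats


def entropy_shifts(window, stats, k=3.0, floor=0.05):
    """Features whose entropy left the band mean +/- max(k*std, floor).

    Returns {feature: "up" | "down"}; an empty dict means no shift. The floor
    stops a near-zero std measured on a quiet baseline from alerting on noise.
    """
    shifts = {}
    ent = feature_entropies(window)
    for f in FEATURES:
        mean, std = stats[f]
        tol = max(k * std, floor)
        if ent[f] > mean + tol:
            shifts[f] = "up"
        elif ent[f] < mean - tol:
            shifts[f] = "down"
    return shifts


def classify(shifts):
    """Map the pattern of shifts to an attack class (assumed signatures).

    flood: many (spoofed) sources converge on one destination address.
    port scan: one destination address probed on many destination ports.
    worm: traffic fans out to many destination addresses on one port.
    """
    if shifts.get("dst_ip") == "down" and shifts.get("src_ip") == "up":
        return "ddos-flood"
    if shifts.get("dst_ip") == "down" and shifts.get("dst_port") == "up":
        return "port-scan"
    if shifts.get("dst_ip") == "up" and shifts.get("dst_port") == "down":
        return "worm-propagation"
    return "benign" if not shifts else "unclassified-anomaly"


# --- constructed sample traffic (not captured data) ---------------------------

def benign_window(rng, n=200):
    """30 internal clients talking to 20 servers on a handful of service ports."""
    return [{"src_ip": f"10.0.0.{rng.randint(1, 30)}",
             "dst_ip": f"192.0.2.{rng.randint(1, 20)}",
             "src_port": rng.randint(1024, 65535),
             "dst_port": rng.choice((80, 443, 53, 22, 25))} for _ in range(n)]


def flood_window(rng, n=200, victim="192.0.2.7"):
    """Spoofed-source flood: every packet from a fresh random source to one host."""
    return [{"src_ip": ".".join(str(rng.randint(1, 254)) for _ in range(4)),
             "dst_ip": victim,
             "src_port": rng.randint(1024, 65535),
             "dst_port": 80} for _ in range(n)]


def run_demo(seed=1):
    """Train on 10 benign windows, then score one benign and one flood window."""
    rng = random.Random(seed)
    stats = baseline([benign_window(rng) for _ in range(10)])
    quiet_verdict = classify(entropy_shifts(benign_window(rng), stats))
    flood_shifts = entropy_shifts(flood_window(rng), stats)
    return quiet_verdict, flood_shifts, classify(flood_shifts)


if __name__ == "__main__":
    print(run_demo())
```

Two practical caveats follow from running it. Destination-address entropy collapsing to zero is the strongest flood signal, while source-address entropy only helps if benign sources are concentrated; on a network whose normal traffic already comes from many distinct sources, that feature is near its maximum and a spoofed flood barely moves it. Also, a fixed floor on the tolerance band is what keeps a calm training set from turning every small fluctuation into an alert.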
Numerous studies are being carried out to provide defences against the various DDoS attacks. However, despite advances in technology and strong security measures, DDoS attacks continue to occur; instead, the attackers are expanding the size and frequency of their strikes across a variety of dimensions. Whenever a new threat or attack materialises, researchers work to identify its root cause and develop remedies to stop it. According to recent research, the main reason why new DDoS attacks cannot be stopped is that there is not enough cooperation across different network nodes, because the Internet (a network of networks) prevents the widespread adoption of international cooperation. Because of socioeconomic challenges, it will be difficult to implement new preventive measures internationally. Defensive methods are difficult to implement against DDoS attacks since the attacks are dispersed in nature and attackers use multiple networks. DDoS detection could be improved by setting up efficient audit and accountability across the internet as a whole; however, this is not practical in real life.
REFERENCES
L. Zhang, S. Yu, D. Wu and P. Watters, "A Survey on Latest Botnet Attack and Defense", in Proceedings of the 10th International Conference on Trust, Security and Privacy in Computing and Communications, IEEE, pp. 53-60, 2011.
S.T. Zargar, J. Joshi and D. Tipper, "A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks", IEEE Communications Surveys & Tutorials, vol. 15, no. 4, pp. 2059-2068, 2013, doi: 10.1109/SURV.2013.031413.00127.
D. Dittrich, "The Tribe Flood Network Distributed Denial of Service attack tool", University of Washington, October 21, 1999. Available at: http://staff.washington.edu/dittrich/misc/tfn.analysis.txt
A. Furfaro, G. Malena, L. Molina and A. Parise, "A Simulation Model for the Analysis of DDoS Amplification Attacks", Conference on Modeling and Simulation, pp. 266-273, 2015.
K.S. Bhosale, M. Nenova and G. Iliev, "The Distributed Denial of Service attacks (DDoS) prevention mechanisms on application layer", Conference on Advanced Technologies, Systems and Services in Telecommunications, IEEE, pp. 136-138, 2017.
P. Ferguson et al., "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing", technical report, The Internet Society, 1998.
C. Jin, H. Wang and K.G. Shin, "Hop-Count Filtering: An Effective Defense against Spoofed DDoS Traffic", in Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS '03), pp. 30-41, 2003, doi: 10.1145/948109.948116.
Y. Xiang, K. Li and W. Zhou, "Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics", IEEE Transactions on Information Forensics and Security, vol. 6, no. 2, June 2011.
I. Ozcelik, Y. Fu and R.R. Brooks, "DoS Detection is Easier Now", 2013 Second GENI Research and Educational Experiment Workshop, 2013.
S.T. Zargar, J. Joshi and D. Tipper, "A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks", IEEE Communications Surveys & Tutorials, accepted for publication, 2013.
A. Sanmorino and S. Yazid, "DDoS Attack detection method and mitigation using pattern of the flow", 2013 International Conference of Information and Communication Technology (ICoICT), 2013.
A. Giotis and L. Ahmed, "A Source-end Defence against flooding denial of Service Attacks", IEEE Transactions on Dependable and Secure Computing, vol. 2, pp. 219-228, 2014.
Y.-L. Hu and W.-B. Su, "Design of Event-Based Intrusion Detection System on OpenFlow Network", in 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2013.
R. Skowyra, "Software-Defined IDS for Securing Embedded Mobile Devices", in IEEE High-Performance Extreme Computing Conference (HPEC), 2013.
M. Masdari and M. Jalali, "A survey and taxonomy of DoS attacks in cloud computing", Security and Communication Networks, vol. 9, pp. 3724-3751, 2016 (SCN-15-0746.R1).
Copyright © 2023 Raj Kumar Patel, Dr. Lalan Kumar Singh , Dr. Narendra Kumar. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.