Establishing a strong online presence is essential for survival in the interconnected world of today. It is crucial, even vital, for companies, banks, agencies, and private industries to create an interactive environment with customers, government officials, and other businesses in order to flourish. Embracing the Internet exposes your system to the global community.
In the modern world, cyberspace is home to different individuals with various intentions. Among them are those who seek to compromise the dependability, safety, and availability of networks. With a computer and an internet connection alone, anyone can become a target or perpetrator of cybercrime. Consequently, networks and servers encounter ongoing assaults from wrongdoers who consistently adapt their tactics to disrupt businesses for personal gain. Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks are two common methods used to cause disruption.
Amidst an array of relentless disruptions, companies are grappling with substantial financial losses. To counter this ongoing challenge, security professionals bear the responsibility of deploying robust safeguards and efficient techniques to preempt, alleviate, and identify attacks before they inflict significant harm. This task centers on thwarting, mitigating, and uncovering DoS and DDoS attacks in contemporary systems. Three pertinent academic journal articles have been selected to delve into these subjects.
The purpose of this essay is to summarize selected articles that focus on prevention, mitigation, or detection of denial of service attacks. It will also discuss a proposed technique and practical approach for incorporating these strategies into a platform. Additionally, the strengths and weaknesses of each method will be examined. To understand the rationale behind these attacks and why these specific journal articles were chosen, it is important to grasp the concept of denial of service (DoS) and distributed denial of service (DDoS) attacks. DoS and DDoS attacks are commonly used cyber attacks because they are effective and easy to execute. The attacker’s goal is to disable or block access to specific resources on the victim’s computer or server.
The attacker achieves this by flooding the victim with a substantial volume of seemingly authentic requests. As a consequence, the victim’s computer or server becomes overwhelmed and the specific resource in question becomes inaccessible. These attacks highlight a notable vulnerability not only in specific applications, but also within the TCP/IP suite (Josh & Miser, 2010). A DoS attack occurs only when an individual deliberately slows down or entirely halts a resource on a computer or network. A DDoS attack closely resembles a DoS attack.
The difference is that a DDoS attack is carried out in a coordinated manner from multiple computers or devices. Its objective is to render a specific target or multiple computers and servers inaccessible. The initial instance of a DDoS attack was observed at a university in 1999. Since then, these attacks have grown in complexity and sophistication. Their impact has varied from decreased website speeds to financial institutions suffering significant losses due to customer inaccessibility.
The article “DDoS Prevention Techniques” provides a thorough explanation of the distinctions between the two types of attacks, various DDoS tools employed by attackers, and methods to prevent and defend against such attacks. Additionally, the chosen article titled “Prevention of Attacks under DDoS Using Target Customer Behavior” not only offers an overview of this attack method but also suggests a specific approach to safeguarding a potential server by employing behavior-based actions to block DDoS attacks.
The last article, titled “A Novel Technique for Detection and Prevention of DDoS,” provides a summary of the DDoS attack and offers a method to filter such attacks on online banking websites. The first article, “DDoS Prevention Techniques,” primarily focuses on DDoS attacks, their prevention methods, and the tools utilized by criminals to carry out these attacks. One specific tool mentioned is Triton, which enables a coordinated UDP flooding attack on a target (Josh & Miser, 2010).
Josh & Miser also discussed Trinity, an IRC-based DDoS attack tool that floods a target with TCP SYN, TCP RST, and TCP ACK packets as well as UDP and IP fragment traffic. The article provides preventative methods against DDoS attacks, divided into General Techniques and Filtering Techniques. Of the many examples in the article, two general techniques will be discussed along with their practical approaches, advantages, and disadvantages.
One way to prevent DDoS attacks is by “disabling unused services.” Attackers cannot exploit something that is not accessible to them. Therefore, the fewer applications and open ports a host has, the less likely an attacker can exploit any vulnerabilities. Consequently, any unnecessary network applications should be disabled or closed right away (Josh & Miser, 2010). This approach has the benefit of reducing the attack surface, which helps protect the host from receiving requests on ports that could potentially be used to flood the system.
Using a firewall is another way to prevent attacks and limit the number of applications exposed beyond those needed to run your organization efficiently. It can help mitigate simple Denial of Service (DoS) attacks with rules like implicit deny or denying certain ports and IP addresses. However, using a firewall to mitigate sophisticated attacks on web traffic ports, like port 80, has a significant disadvantage.
A firewall is unable to differentiate between legitimate traffic and malicious traffic that passes through a permitted port (Josh & Miser, 2010). This lack of distinction can result in an attack being successfully executed if the firewall is unable to determine what qualifies as good or bad traffic. The article also discusses a filtering technique called “History Based IP Filtering.” Typically, the set of source addresses remains balanced and stable during normal operations. However, most DDoS attacks employ IP addresses that have never been encountered on the network in order to overwhelm the system.
This method of filtration utilizes an IP Address Database (IAD) to store the source addresses commonly seen during normal operation. When an attack is detected and the source address of a request does not exist in the IAD, the request is declined. The benefit of this type of defense against DDoS attacks is that it prevents unfamiliar IP addresses from reaching the host. However, a disadvantage is that it cannot block an attack coming from legitimate or known IP addresses already present in the database. Additionally, the cost involved in storing and sharing the database is considered to be very high (Josh & Miser, 2010).
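The following is an added illustration of history-based IP filtering as summarized above; it is not code from the article. It assumes a constructed log format of `<timestamp> <src_ip> <path>`, a hypothetical admission threshold `min_hits` (how many times a source must be seen during normal operation before it earns a place in the IAD), and an `under_attack` flag supplied by an operator or a load monitor. It also shows the weakness the article notes: a flood from an address already in the IAD passes straight through.

```python
"""History-based IP filtering (IP Address Database, IAD) - added example.

Assumptions (not from the article): the log format below is constructed,
min_hits is a hypothetical admission threshold, and the under_attack flag
is set externally (operator decision or a load monitor).
"""
from collections import Counter
from typing import Iterable, List, Set, Tuple

# Constructed sample of traffic seen during normal (pre-attack) operation.
NORMAL_LOG = [
    "2024-01-01T10:00:00 198.51.100.10 /index.html",
    "2024-01-01T10:00:05 198.51.100.10 /login",
    "2024-01-01T10:00:07 203.0.113.5 /index.html",
    "2024-01-01T10:00:09 203.0.113.5 /catalog",
    "2024-01-01T10:00:12 192.0.2.77 /index.html",   # seen only once
]

# Constructed sample of traffic during a flood: many never-seen sources plus
# one known source (198.51.100.10) that is also part of the flood.
ATTACK_LOG = [
    "2024-01-02T14:00:00 198.51.100.10 /index.html",
    "2024-01-02T14:00:00 10.9.8.1 /index.html",
    "2024-01-02T14:00:00 10.9.8.2 /index.html",
    "2024-01-02T14:00:00 10.9.8.3 /index.html",
    "2024-01-02T14:00:01 203.0.113.5 /catalog",
    "2024-01-02T14:00:01 192.0.2.77 /index.html",
]


def source_ip(line: str) -> str:
    """Extract the source address from a constructed log line."""
    return line.split()[1]


def build_iad(normal_log: Iterable[str], min_hits: int = 2) -> Set[str]:
    """Build the IAD from normal-operation traffic.

    A source is admitted once it has appeared at least min_hits times, so a
    single stray probe during the learning window does not earn a permanent
    place in the database.
    """
    counts = Counter(source_ip(line) for line in normal_log if len(line.split()) >= 2)
    return {ip for ip, n in counts.items() if n >= min_hits}


def filter_requests(requests: Iterable[str], iad: Set[str],
                    under_attack: bool) -> Tuple[List[str], List[str]]:
    """Return (accepted, dropped).

    Filtering is engaged only while under attack; at other times every request
    passes, which is when the IAD would normally keep learning new sources.
    """
    accepted: List[str] = []
    dropped: List[str] = []
    for line in requests:
        if under_attack and source_ip(line) not in iad:
            dropped.append(line)
        else:
            accepted.append(line)
    return accepted, dropped


if __name__ == "__main__":
    iad = build_iad(NORMAL_LOG)
    ok, dropped = filter_requests(ATTACK_LOG, iad, under_attack=True)
    print(f"IAD size: {len(iad)} entries (storage grows with the client base)")
    print(f"accepted {len(ok)}, dropped {len(dropped)} during attack")
```

Note that `192.0.2.77` was seen during normal operation but only once, so it is dropped along with the unknown sources, while the flood traffic from `198.51.100.10` is accepted because that address is in the database.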
So if cost is a concern for an organization, this method may not be the most suitable. The general techniques can be easily implemented by any organization. Most security professionals should already have these measures in place, such as firewalls and minimizing the attack surface by disabling unnecessary services. While history-based IP filtering is a more expensive alternative to these methods, it can provide an additional layer of security.
Article Two
The second article, titled “Prevention of Attacks under DDoS Using Target Customer Behavior,” introduces a method that uses an algorithm to analyze client requests in real time and decide whether they should be blocked or allowed in order to mitigate attacks. This algorithm maintains a list of registered users and blocks requests from unknown users. The purpose of this tool is to only allow authorized clients to access the server. To achieve this, the method first categorizes the requesting client as either registered or non-registered. During peak times, an anomaly-based system is utilized by the tool to help identify malicious requests.
The authors of the article (Suppurates & Militia, 2012) explain that a client can be considered malicious if it sends repeated requests during peak hours, making it an anomalous client or a possible attacking client. The tool tracks whether the requests made by the client are authorized or unauthorized. If a request is deemed unauthorized, the client is temporarily blocked and placed in the group of non-registered users until the peak time is over. The proposed method also includes a count system to keep track of the number of requests a client attempts, using two counters referred to as the “Access Count” and the “Warning Count”. According to the article, “The access count is the count that can be incremented every time the client sends the request. The Warning Count is the count that can be incremented once the unregistered client sends anomalous request” (Suppurates & Militia, 2012). This count system helps determine whether requests are legitimate and only temporarily blocks them during peak times to prevent system overload. Additionally, there is an option for a permanent block when the warning count reaches its threshold (Suppurates & Militia, 2012).
This feature works in real time, making it highly beneficial for mitigating DDoS attacks. The following diagram demonstrates how this approach is applied to all server information requests made by users. This tool can be effortlessly incorporated by any organization seeking to safeguard its systems and oversee customer and client user data. The only drawback during implementation is the potential temporary lockout of legitimate users who make excessive incorrect requests.
Beyond that inconvenience for certain users, the approach shows great promise because it does not entirely block IP addresses the way some filtering systems do. Instead, it classifies them as unauthorized and separates them from authorized clients and systems. If the unauthorized clients meet specific requirements and do not exceed the warning limit, their requests may be authorized. Additionally, if an unauthorized client surpasses the warning limit, it will be completely blocked for added security.
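The following is an added worked example of the registered/non-registered gate with access and warning counts described in Article Two; it is an illustration written for this essay, not the authors' code. The class name `ClientGate`, the per-peak request limit `peak_threshold`, the permanent-block threshold `warn_limit`, and the rule that a temporary block lifts and the access count resets when the peak window changes are all assumptions made to fill in details the summary does not specify.

```python
"""Access Count / Warning Count client gate - added example.

Assumptions (not from the article): ClientGate, peak_threshold and
warn_limit are hypothetical names; the access count resets and temporary
blocks expire whenever the peak window is toggled; a permanent block is
applied as soon as the warning count reaches warn_limit.
"""
from dataclasses import dataclass
from typing import Dict, Iterable


@dataclass
class ClientState:
    access_count: int = 0          # incremented on every request
    warning_count: int = 0         # incremented on each anomalous episode
    temp_blocked: bool = False     # lifted when the peak window ends
    perm_blocked: bool = False     # set once warning_count reaches the limit


class ClientGate:
    def __init__(self, registered: Iterable[str], peak_threshold: int = 3,
                 warn_limit: int = 3) -> None:
        self.registered = set(registered)
        self.peak_threshold = peak_threshold   # requests a non-registered client
                                               # may make per peak window
        self.warn_limit = warn_limit           # warnings before a permanent block
        self.state: Dict[str, ClientState] = {}
        self.peak = False

    def set_peak(self, is_peak: bool) -> None:
        """Enter or leave a peak window. Temporary blocks expire and access
        counts restart so each window is judged on its own."""
        self.peak = is_peak
        for st in self.state.values():
            st.temp_blocked = False
            st.access_count = 0

    def handle(self, client_id: str) -> str:
        """Decide one request: 'allow', 'blocked-temporary' or 'blocked-permanent'."""
        st = self.state.setdefault(client_id, ClientState())
        if st.perm_blocked:
            return "blocked-permanent"
        st.access_count += 1
        # Registered clients are always served; non-registered clients are
        # only scrutinised during peak time.
        if client_id in self.registered or not self.peak:
            return "allow"
        if st.temp_blocked:
            return "blocked-temporary"
        if st.access_count > self.peak_threshold:
            # Repeated requests during peak hours: anomalous, warn and block
            # until the peak window ends.
            st.warning_count += 1
            st.temp_blocked = True
            if st.warning_count >= self.warn_limit:
                st.perm_blocked = True
                return "blocked-permanent"
            return "blocked-temporary"
        return "allow"

    def warnings(self, client_id: str) -> int:
        return self.state.get(client_id, ClientState()).warning_count


if __name__ == "__main__":
    gate = ClientGate(registered={"alice"})
    gate.set_peak(True)
    for _ in range(5):
        print("alice  ->", gate.handle("alice"))
    for _ in range(5):
        print("mallory ->", gate.handle("mallory"))
    gate.set_peak(False)
    print("mallory off-peak ->", gate.handle("mallory"))
```

Run as a script, the registered client is allowed every time, while the non-registered client is allowed three requests in the peak window, then temporarily blocked until the window ends, after which its warning count carries over into the next window.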
Article Three, titled “A Novel Technique for Detection and Prevention of DDoS,” focuses on a unique method for detecting and preventing DDoS attacks. This method utilizes a Hidden Markov Model and, like the previous method, is an anomaly-based system that assesses request behavior to determine whether users should be blocked or authorized. However, it employs a different approach to authorize requests before granting access to the system.