B. Defensive Techniques: These are described in two phases: Detection and Mitigation. The attack must be recognized before further steps can be taken to stop it and to enhance network or server security.

a. Detection can be done in two ways: signature based detection and anomaly based detection.

Signature based detection: The pattern of incoming packets, such as port number, identification number, etc., is provided to the entrance switch or router in a network [19]. The entrance router or switch uses this information to compare the incoming packets and to detect the attack.

Anomaly based detection: In this method the normal behavior of the traffic is observed and compared with the incoming traffic to evaluate the difference and detect the DDoS attack.

b. Techniques for mitigation are divided into two categories: fault tolerance and Quality of Service.
Fault tolerance can be maximized by duplicating a network's resources and diversifying its access points, so that the network can continue to offer its services over another network link even after one network link is congested [7].

Quality of service (QoS) assures the ability of a network to deliver predictable output and service for certain types of application and traffic under attack.

C. Post-active techniques: If traffic pattern data is stored during a DDoS attack, it can be analyzed after the attack to look for specific characteristics within the attacking traffic. This characteristic data can then be used to develop and update defense mechanisms and to increase their efficiency and protection ability.

a. Traceback: It is a technique to locate the agent machines that trigger the DDoS attacks. Without requiring any interactive operational support from the ISP (Internet Service Provider), the traceback mechanism helps a victim to identify the network paths traversed by attack traffic [6, 21]. Additionally, this method assists in providing the victim system with information that might help develop filters to block the attack when the attacker sends vastly different types of attacking traffic.

b. Traffic Pattern Analysis: If traffic pattern data is stored during a DDoS attack, it can be analyzed after the attack to look for specific characteristics within the attacking traffic [22]. This characteristic data can be used for updating countermeasures such as load balancing and throttling [20] and to increase their efficiency and protection ability. Additionally, this data can help network administrators to develop new filtering techniques that can prevent DDoS attack traffic from entering or leaving their networks.

c. Event Logs: In the event the attacker does severe financial damage, logs of the DDoS attack information kept by the network administrator can be used to do a forensic analysis and to assist law enforcement. Providers can store all the events that occurred during the setup and execution of the attack using honeypots and other network equipment such as packet sniffers, firewalls and server logs.
This allows the network administrators to discover the type of DDoS attack that was used.

VI. CONCLUSION

Quite advanced and powerful methods are used by DDoS attackers to attack a network system, to make it unusable to legitimate users or to degrade its performance. They are increasingly mounted by professional hackers in exchange for money and benefits. This review article gives a survey of various kinds of DDoS attack techniques and defense mechanisms. It provides a basic idea of the techniques to researchers who want to start their research work in the area of network security.
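
The two detection approaches from section B.a, run side by side over constructed traffic, as an added example that is not from the original article. The signature fields, the baseline counts, the three-sigma threshold and all names are assumptions made for illustration.

```python
from statistics import mean, stdev

# Hypothetical attack pattern handed to the entrance router (constructed).
SIGNATURES = [{"dst_port": 80, "ip_id": 256}]

def matches_signature(packet, signatures=SIGNATURES):
    """Signature based: every field of a known pattern equals the packet's field."""
    return any(all(packet.get(k) == v for k, v in sig.items())
               for sig in signatures)

class RateBaseline:
    """Anomaly based: learn normal packets-per-interval, flag large deviations."""
    def __init__(self, normal_counts, k=3.0):
        self.mu = mean(normal_counts)
        self.sigma = stdev(normal_counts)
        self.k = k  # assumed tolerance: k standard deviations above the mean

    def threshold(self):
        return self.mu + self.k * self.sigma

    def is_anomalous(self, count):
        return count > self.threshold()

def detect(intervals, baseline):
    """Return, for each interval, the set of detectors that fired."""
    results = []
    for packets in intervals:
        fired = set()
        if any(matches_signature(p) for p in packets):
            fired.add("signature")
        if baseline.is_anomalous(len(packets)):
            fired.add("anomaly")
        results.append(fired)
    return results

def pkt(src, port, ip_id):
    return {"src": src, "dst_port": port, "ip_id": ip_id}

# Constructed observations of normal traffic (packets per interval).
NORMAL_COUNTS = [98, 102, 100, 97, 103, 101, 99, 100]
BASELINE = RateBaseline(NORMAL_COUNTS)

# Constructed intervals: normal; known pattern at normal rate; unknown flood.
SAMPLE_INTERVALS = [
    [pkt("10.0.0.1", 443, i) for i in range(100)],
    [pkt("10.0.0.2", 80, 256)] + [pkt("10.0.0.1", 443, i) for i in range(1000, 1099)],
    [pkt(f"192.0.2.{i % 250}", 53, i + 5000) for i in range(900)],
]
```

The second interval is caught only by the signature and the third only by the rate baseline, which is why the two methods are deployed together.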