Denial Of Service (DoS) Attack: Background, Techniques, And Prevention Methods

Background of DoS attack

The aim of this paper is to discuss the Denial of Service (DoS) attack, which is designed to shut down, disable or disrupt a network, service or website. Typically malware is used to inhibit or interrupt the normal flow of data into and out of a system, rendering the target inaccessible or useless for a period of time. For example, a website may be accessed repeatedly and massively from many locations, preventing legitimate visitors from reaching it (Mahjabin et al., 2017). More precisely, a DoS attack is a kind of cybercrime in which a website is made unavailable, typically by using many computers to make requests repeatedly, tying up the site and preventing it from responding to requests from legitimate users. This report discusses the general background of DoS attacks and the methods used by DoS attackers, followed by prevention methods against DoS attacks and countermeasures and techniques against DDoS attacks.

A DoS attack is a type of cybercrime in which a website is made unavailable by using multiple PCs to make requests repeatedly, tying up the site and preventing it from responding to requests from legitimate users. This kind of attack is a special type of hacking: a criminal seeds an array of PCs with programs that can be triggered by an external computer user. Those programs are called Trojan horses, since they enter the computers of unknowing users disguised as something benign, such as a document or photo attached to an email (Jamal et al., 2018). At a predesignated time, the Trojan horse program starts sending messages to a predesignated site.

(Figure: DoS and DDoS attack)

If enough computers are compromised, the selected site can be tied up so effectively that little if any legitimate traffic can reach it. A major insight offered by such events is that much software is insecure and makes it easy even for an unskilled attacker to compromise a large number of machines. Although software companies regularly release patches to fix vulnerabilities, not all users apply the updates, and their computers remain vulnerable to criminals who need them to launch DoS attacks.

Techniques used by DoS attackers

Denial of service attacks are on the rise as consumers and businesses use more digital platforms to communicate and transact with one another. DoS attacks prevent users from accessing a service by overwhelming either its network connections or its physical resources.

The attacker essentially floods the service with so much data and traffic that no one else can use it until the malicious flow has been handled. One way of overloading the physical resources of a service is to send it so many requests in such a short time that it is overwhelmed and exhausts all of its available memory, storage space or processing capacity (Vaccari, Aiello and Cambiaso, 2020). In extreme cases this can even damage the physical components of those resources.

(Figure: Botnet attack for DOS) created by author

Similarly, to disrupt the network connections of a service, DoS attackers can send malformed, invalid or simply an overwhelming number of connection requests; while those are being handled, connection requests from legitimate users cannot be completed (Biron, Dey and Pisu, 2018). Occasionally a DoS attack exploits vulnerabilities in a website or program to force improper use of network connections and resources, which can likewise lead to denial of service.

Some malware also includes the ability to launch DoS attacks once it infects a device or computer; such threats use the resources of the infected machines to perform the attacks. If multiple infected machines launch attacks against the same target, this is called a distributed denial of service (DDoS) attack. The volume of data used in a DoS attack can be very large, reaching rates of several gigabits per second.

(Figure: DoS attack)

Botnets are often used to perform DDoS attacks, since most services do not have the resources required to counter an attack from thousands or even hundreds of thousands of infected devices (Jamal et al., 2018). By denying service to additional requests, the goal of a DoS attack is to overwhelm the capacity of the targeted machine. The various attack vectors of DoS attacks can be grouped by their similarities. Typically, these attacks fall into two categories:

  • Flood attacks – the malicious actor saturates the targeted server with an overwhelming number of packets, exhausting the server's capacity. To do so, the malicious actor must have more available bandwidth than the target.
  • Buffer overflow attacks – a memory buffer overflow is a type of attack that can cause a machine to consume all available memory, hard disk space or CPU time (Phan and Park, 2019). This form of exploit often results in system crashes, sluggish behaviour or other harmful server behaviour, and thus in denial of service.

Countermeasures against DoS attacks

(Figure: Target server for DoS attack)

The methods used by attackers are as follows:

  • Protocol or network-layer attacks – these send a huge number of network packets to network infrastructure and infrastructure management tools. Their size is measured in packets per second (PPS); they include SYN floods (which tie up networks with half-open connection requests) and Smurf DDoS attacks (network-layer attacks designed to flood the targeted server with error messages).
  • Volume-based attacks – these use huge amounts of false traffic to overwhelm an online resource such as a website or server. The size of a volume-based attack is measured in bits per second.
  • Application-layer attacks – these are conducted by flooding applications with malicious requests and are similar to volume-based attacks. Their size is measured in requests per second (RPS).

Most attackers prefer HTTP flooding attacks, a type of volumetric distributed denial of service attack designed to overwhelm a targeted server with HTTP requests. Once the target is saturated with requests and unable to respond to normal traffic, denial of service occurs for additional requests.

Denial of service attacks are likely to occur when a managed service suddenly stops working; the main cause of this kind of attack is the resulting unavailability. Infrastructure often fails because of power overload, which increases the likelihood of this attack (Imamverdiyev and Abdullayeva, 2018). Distributed denial of service attacks occur when many malicious systems target one system; sometimes multiple devices are programmed to request a service. Most importantly, in this case the requesting devices are unknown to the owner. The whole event is carried out in a distributed manner.

DoS attacks do not attempt to steal information like other hacking attacks, nor do DoS attacks expedite a breach. However, these attacks have caused huge financial losses to various companies and organizations and damaged their reputations, and users may decide in favour of alternative providers to ensure their safety. Almost all devices are unable to protect privacy, especially devices provided by the Internet of Things (Nuiaa, Manickam and Alsaeedi, 2021). The devices used in this case are heterogeneous and completely different from one another, which is why they cannot provide complete protection in every case; using this as an excuse, manufacturers and owners of devices completely ignore the issue of security. An important way to prevent cyber attacks is to identify vulnerabilities in documented resources. The first thing a user or organization needs to understand is what is most appealing to attackers; for an organization or individual, the user must first carry out a risk assessment.

(Figure: Prevention stage for DoS attack)

The user must first be aware of their major weaknesses. According to CISA, which is run by the US Department of Homeland Security, the symptoms of a DoS attack can look like non-malicious availability problems, such as technical issues with a specific system or a network administrator performing maintenance. CISA adds that unavailability and slow network performance of a specific website can be strong signs of a DoS attack. Some prevention methods are:

  1. Strengthen the security posture – this includes fortifying every internet-facing device to prevent compromise, deploying firewalls configured to protect against DoS attacks, installing and maintaining antivirus software, and following robust security practices to manage and monitor unwanted traffic.
  2. Monitor and analyze network traffic – network traffic can be controlled via an IDS or a firewall. Administrators can set up rules that locate traffic sources, raise alerts for unusual traffic, or drop network packets that meet certain criteria (Nguyen, Iacono and Federrath, 2019).
  3. Establish a DoS attack response plan – the key is to create and practice a disaster recovery plan for DoS attacks that covers mitigation, communication and recovery.
  4. Monitor traffic – while permitting normal traffic to proceed on the network, organizations can enroll in a service that detects or redirects the abnormal traffic flows associated with a DoS attack.
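The rule described in step 2 (locate traffic sources, alert on unusual traffic, drop packets that meet a criterion) can be shown concretely as a sliding-window request counter over web server access-log lines. The following is an added example, not code from the report or from any of the cited works; the log lines are constructed samples, and the IP addresses, timestamps, paths, 10-second window and 20/50-request thresholds are assumptions chosen for illustration.

```python
"""Added example: a per-source request-rate rule over web access-log lines.

The log lines are constructed samples; the IPs, timestamps, paths and
thresholds are assumptions chosen for illustration, not data from the report.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# One line in a common access-log layout: src ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for a well-formed line, or None so that junk lines are skipped."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "src": m["src"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "req": m["req"],
        "status": int(m["status"]),
    }


def find_flooding_sources(lines, window_seconds=10, max_requests=20):
    """Locate sources that exceed max_requests within any window_seconds span.

    Lines are expected in time order (as a log file is). Returns {src: peak}
    where peak is the highest in-window request count seen for that source.
    """
    recent = defaultdict(deque)   # src -> timestamps inside the current window
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        q = recent[rec["src"]]
        q.append(rec["ts"])
        # slide the window: forget timestamps older than window_seconds
        while (rec["ts"] - q[0]) > timedelta(seconds=window_seconds):
            q.popleft()
        if len(q) > max_requests:
            peaks[rec["src"]] = max(peaks.get(rec["src"], 0), len(q))
    return peaks


def decide(peaks, drop_threshold=50):
    """Map each offending source to a firewall/IDS action: alert, or drop when extreme."""
    return {src: ("drop" if n >= drop_threshold else "alert") for src, n in peaks.items()}


def build_sample_log():
    """Constructed sample: one client browsing normally, one source hammering /login."""
    base = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(5):  # normal client: 5 requests spread over 20 s
        ts = (base + timedelta(seconds=4 * i)).strftime(TS_FMT)
        lines.append(f'198.51.100.9 - - [{ts}] "GET /page{i}.html HTTP/1.1" 200 1024')
    for i in range(60):  # flooding source: 60 requests in 6 s
        ts = (base + timedelta(seconds=i // 10)).strftime(TS_FMT)
        lines.append(f'203.0.113.7 - - [{ts}] "GET /login HTTP/1.1" 503 0')
    lines.append("not a log line")  # junk that the parser must ignore
    lines.sort(key=lambda l: (parse_line(l) or {"ts": base})["ts"])
    return lines


if __name__ == "__main__":
    peaks = find_flooding_sources(build_sample_log())
    for src, action in decide(peaks).items():
        print(f"{src}: peak {peaks[src]} requests in 10 s -> {action}")
```

The window is kept per source so that a busy but legitimate user base does not trip the rule; only a single source exceeding the threshold is reported, and the action is graded (alert first, drop only at an extreme count) because a hard drop on a low threshold would itself deny service to legitimate clients behind a shared address.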

(Figure: Network traffic analysis)

The figure above shows that network traffic can be analyzed in such a way that any kind of malicious activity can be detected.

Any organization can find itself a target as DDoS and DoS threats continue to climb. The effects can extend to short-term server outages, angry customers, financial losses and brand damage (Zhong et al., 2017). Organizations that take appropriate protection and prevention steps can mitigate the overall cost of a full-fledged targeted attack.

(Figure: Stopping DoS attack from hackers)

Users need to find answers to certain questions, such as what kind of information they collect, how the stored information is diversified, and who has access to that important information. They then need to assure their owner how the data is protected and how they protect email, networks, computers and other electronic devices. The user needs to confirm whether any social media interaction exists with the company's network; if such communication exists, it should be covered by a formal written policy. The second method is very important (Gohil and Kumar, 2020): here the user must identify all types of internal threats and make a list of them.

The user or organization must first identify all types of cyber criminals and get a full idea of how they attack, and then learn how to avoid those attacks. The user needs to know the type of attack the attackers use. Sometimes the company has to keep an eye on its employees, not only on the outside world, because a hacker can sometimes carry out an attack even if he knows only one thing. The third thing to look for is self-assessment of vulnerabilities. Nowadays many tools are available for free, while many others are available for a fee.

(Figure: Firewall for preventing DoS attack)

Using such tools, they can scan their network and determine whether their services are working properly. These tools can also be used to find out whether software is up to date and to detect vulnerabilities in the system. There are also special penetration tests that allow users to replay any type of attack that has occurred on their system before. Such tests confirm how far the user is from attackers and exactly how much protection those systems need (Wu et al., 2018). The user also needs to analyse the business impact, such as how much financial impact any type of cyber attack could have on the business or how much damage could be done to its reputation.

Basically, DoS is a type of cyber attack that aims to render a device or computer unavailable to its intended users. DoS attacks work by flooding or overwhelming a targeted machine with requests until normal traffic can no longer be processed. Usually a DoS attack is characterized by the use of a single computer to launch the attack.

(Figure: Firewall for network security)

A DDoS attack is a type of DoS attack that comes from many distributed sources, such as a botnet. There are some major methods for countering DDoS attacks:

Creating a DDoS response plan: The security team should develop an incident response plan that ensures all staff members respond promptly and effectively in the event of a DDoS attack. The plan should include:

  • Clear, step-by-step instructions on how to react to a DDoS attack.
  • The process for maintaining business operations.
  • Escalation protocols for staff members and key stakeholders.
  • A checklist of all required tools (Chen et al., 2019).
  • A list of mission-critical systems.

(Figure: Preventing DOS attack with Log analysis)

Ensuring a high level of network security: Network security is essential to stopping DDoS attacks, since an attacker only has an impact if they have enough time to pile up requests; the ability to identify a DDoS early on is therefore very important for controlling the blast radius. The network security controls that can protect systems from DDoS attacks are:

  • Intrusion detection systems and firewalls, which act as traffic-scanning barriers between networks.
  • Anti-malware and antivirus software, which detect and remove malware and viruses.
  • Endpoint security, which ensures that network endpoints do not become an entry point for malicious activity.

(Figure: Working process of Intrusion detection system)

Having server redundancy: Relying on multiple distributed servers makes it hard for attackers to attack all of the servers at the same time. If the attacker launches a successful DDoS attack on a single hosting device, the other servers remain unaffected and can take on extra traffic until the targeted system is back online.

Continuous monitoring of network traffic: Using continuous monitoring to analyze traffic in real time is an excellent method of detecting traces of DDoS activity. The benefits of continuous monitoring of network traffic are:

  • Real-time monitoring ensures that a DDoS attempt is detected before the attack is in full swing.
  • Teams can establish a strong sense of typical network activity and traffic patterns. Once they know what everyday operation looks like, it is easier to identify odd activity.
  • Around-the-clock monitoring ensures detection of signs of attacks that may happen outside office hours or at weekends.

(Figure: Network security method)

Limit network broadcasting: An attacker behind a DDoS attack may send requests to every device on the network to amplify the impact. The security team can counter this tactic by limiting network broadcasting among devices. Limiting broadcast forwarding is an effective way to disrupt a high-volume DDoS attempt.

Leveraging the cloud to prevent DDoS attacks: While using on-premises software and hardware to counter the threat is important, cloud-based mitigation does not have the same capacity-based limitations (Boraten and Kodi, 2018). Cloud-based protection can handle and scale to even major volumetric DDoS attacks with ease.

For the prevention of and countermeasures against DoS attacks, an intrusion detection system (IDS) can be used. After collecting data, the IDS observes network traffic and matches network patterns against known attacks. With this method, sometimes called pattern correlation, the system can determine whether unusual activity is a cyber attack. Once malicious or suspicious activity is discovered, the IDS sends an alarm to the IT administrator or specified technicians.

(Figure: Intrusion detection system)

The IDS uses two major intrusion detection methods: signature-based detection and anomaly-based detection. Signature-based detection identifies possible attacks by comparing the given network traffic and log data with existing attack patterns. Anomaly-based detection is the opposite: it is designed to pinpoint unknown attacks, such as new malware or previously undetected DoS attacks, and to adapt to them on the fly using machine learning methods. These methods enable the IDS to create baselines of trustworthy activity.
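The contrast between the two methods is easiest to see in code: a signature check matches each event against a fixed pattern, while an anomaly check first learns a baseline from quiet traffic and then flags departures from it. The following is an added example, not code from the report or from any cited work; the events are constructed dicts standing in for parsed packets and requests, and the two signatures, the baseline counts and the mean-plus-three-standard-deviations threshold are assumptions chosen for illustration (a simple statistical baseline stands in for the machine learning methods the report mentions).

```python
"""Added example: signature-based and anomaly-based checks side by side.

Events are constructed dicts standing in for parsed packets/requests; the
signature table, the baseline counts and the k=3 threshold are assumptions
made for illustration, not the report's own rules or data.
"""
import re
import statistics
from collections import Counter

REQUEST_LINE_RE = re.compile(r"^[A-Z]{3,7} \S+ HTTP/1\.[01]$")


def is_directed_broadcast(ip):
    """Simplified check for the sample /24 networks: last octet 255."""
    return ip.endswith(".255")


# Signature-based: each entry is a name plus a predicate over one event.
SIGNATURES = [
    ("ICMP echo request to a broadcast address (Smurf-style amplification)",
     lambda e: e.get("proto") == "icmp" and e.get("icmp_type") == 8
     and is_directed_broadcast(e.get("dst", ""))),
    ("malformed HTTP request line",
     lambda e: e.get("proto") == "http"
     and REQUEST_LINE_RE.match(e.get("request", "")) is None),
]


def signature_matches(event):
    """Names of every signature the event matches (empty list for benign events)."""
    return [name for name, pred in SIGNATURES if pred(event)]


# Anomaly-based: learn what "normal" volume looks like, then flag departures.
def learn_baseline(counts_per_interval):
    """Mean and population standard deviation of per-interval event counts."""
    return statistics.fmean(counts_per_interval), statistics.pstdev(counts_per_interval)


def anomalous_intervals(events, baseline, k=3.0):
    """Intervals whose event count exceeds mean + k * stdev of the baseline."""
    mean, sd = baseline
    counts = Counter(e["t"] for e in events)
    return sorted(t for t, n in counts.items() if n > mean + k * sd)


def analyze(events, baseline):
    """Run both detectors and return a small report."""
    hits = [(name, e.get("src")) for e in events for name in signature_matches(e)]
    return {"signature_hits": hits, "anomalous_intervals": anomalous_intervals(events, baseline)}


# Constructed baseline: per-second event counts observed during a quiet period.
BASELINE_COUNTS = [48, 52, 50, 47, 53, 49, 51, 50]


def build_events():
    """Constructed events: two quiet seconds, a flood in the third, plus two
    single events that only a signature would catch."""
    events = [
        {"t": t, "proto": "http", "src": "198.51.100.9", "request": "GET /index.html HTTP/1.1"}
        for t in (0, 1) for _ in range(50)
    ]
    events += [
        {"t": 2, "proto": "http", "src": "203.0.113.7", "request": "GET /login HTTP/1.1"}
        for _ in range(400)
    ]
    events.append({"t": 1, "proto": "icmp", "icmp_type": 8, "src": "203.0.113.7", "dst": "192.0.2.255"})
    events.append({"t": 0, "proto": "http", "src": "203.0.113.8", "request": "GET /"})
    return events


if __name__ == "__main__":
    report = analyze(build_events(), learn_baseline(BASELINE_COUNTS))
    for name, src in report["signature_hits"]:
        print(f"signature: {name} from {src}")
    print("anomalous intervals:", report["anomalous_intervals"])
```

Running it shows why an IDS needs both methods: the flood in interval 2 consists of perfectly well-formed requests, so no signature fires on it and only the baseline comparison catches it, while the two malformed or amplification-style events are individually rare and would never move the volume statistics, so only the signatures catch them.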

Conclusion:

In conclusion, this report has discussed DoS attacks, the methods used by DoS attackers and the impact of this type of attack. Such an attack is usually accomplished by flooding the targeted host or network with traffic until the target cannot respond or crashes. DoS attacks can last anywhere from a few hours to many months and can cost organisations time and money while resources and services are unavailable.

References:

Biron, Z.A., Dey, S. and Pisu, P., 2018. Real-time detection and estimation of denial of service attack in connected vehicle systems. IEEE Transactions on Intelligent Transportation Systems, 19(12), pp.3893-3902.

Boraten, T. and Kodi, A., 2018. Mitigation of Hardware Trojan based Denial-of-Service attack for secure NoCs. Journal of Parallel and Distributed Computing, 111, pp.24-38.

Chen, H., Meng, C., Shan, Z., Fu, Z. and Bhargava, B.K., 2019. A novel Low-rate Denial of Service attack detection approach in ZigBee wireless sensor network by combining Hilbert-Huang Transformation and Trust Evaluation. IEEE Access, 7, pp.32853-32866.

Gohil, M. and Kumar, S., 2020, December. Evaluation of classification algorithms for distributed denial of service attack detection. In 2020 IEEE Third International Conference on Artificial Intelligence and Knowledge Engineering (AIKE) (pp. 138-141). IEEE.

Imamverdiyev, Y. and Abdullayeva, F., 2018. Deep learning method for denial of service attack detection based on restricted boltzmann machine. Big data, 6(2), pp.159-169.

Jamal, T., Amaral, P., Khan, A., Zameer, A., Ullah, K. and Butt, S.A., 2018. Denial of service attack in wireless LAN. ICDS 2018, 51.

Jamal, T., Haider, Z., Butt, S.A. and Chohan, A., 2018. Denial of Service Attack in Cooperative Networks. arXiv preprint arXiv:1810.11070.

Mahjabin, T., Xiao, Y., Sun, G. and Jiang, W., 2017. A survey of distributed denial-of-service attack, prevention, and mitigation techniques. International Journal of Distributed Sensor Networks, 13(12), p.1550147717741463.

Nguyen, H.V., Iacono, L.L. and Federrath, H., 2019, November. Your cache has fallen: Cache-poisoned denial-of-service attack. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (pp. 1915-1936).

Nuiaa, R.R., Manickam, S. and Alsaeedi, A.H., 2021. Distributed reflection denial of service attack: A critical review. International Journal of Electrical & Computer Engineering (2088-8708), 11(6).

Phan, T.V. and Park, M., 2019. Efficient distributed denial-of-service attack defense in SDN-based cloud. IEEE Access, 7, pp.18701-18714.

Vaccari, I., Aiello, M. and Cambiaso, E., 2020. SlowITe, a novel denial of service attack affecting MQTT. Sensors, 20(10), p.2932.

Wu, D., Li, J., Das, S.K., Wu, J., Ji, Y. and Li, Z., 2018, May. A novel distributed denial-of-service attack detection scheme for software defined networking environments. In 2018 IEEE International Conference on Communications (ICC) (pp. 1-6). IEEE.

Zhong, X., Jayawardene, I., Venayagamoorthy, G.K. and Brooks, R., 2017. Denial of service attack on tie-line bias control in a power system with PV plant. IEEE Transactions on Emerging Topics in Computational Intelligence, 1(5), pp.375-390.