Denial-of-Service Attacks

Availability requires that computer systems function normally without loss of resources to legitimate users. One of the most challenging issues to availability is the denial-ofservice (DoS) attack. DoS attacks constitute one of the major threats and among the hardest security problems in today’s Internet. The main aim of a DoS is the disruption of services by attempting to limit access to a machine or service. Depending on the attackers’ strategy, the target resources may be the fi le system space, the process space, the network bandwidth, or the network connections. These attacks achieve their goal by sending at a victim a stream of packets in order to exhaust the bandwidth of its network traffi c or its processing capacity denying or degrading service to legitimate users. There have been some large-scale attacks targeting high-profi le Internet sites [1–3]. Distributed denial-of-service (DDoS) attacks add the many-to-one dimension to the DoS problem, making the prevention and mitigation of such attacks more diffi cult and the impact proportionally severe. These attacks use many Internet hosts in order to exhaust the resources of the target and cause DoS to legitimate clients. The traffi c is usually so aggregated that it is diffi cult to distinguish legitimate packets from attack packets. More importantly, the attack volume can be larger than the system can handle. There are no apparent characteristics of DDoS streams that could be directly and wholesalely used for their detection and fi ltering. The attacks achieve their desired effect by sending large amounts of network traffi c and by varying packet fi elds in order to avoid characterization and tracing. Extremely sophisticated, “user-friendly,” and powerful DDoS toolkits are available to potential attackers, increasing the danger of becoming a victim in a DoS or a DDoS attack, as essential systems are ill prepared to defend themselves. The consequences of DoS attacks are extremely serious and fi nancially disastrous, as can be seen by frequent headlines naming the most recent victim of a DoS attack. In February 2001, University of California at San Diego (UCSD) [3] network researchers from the San Diego Supercomputer Center (SDSC) and the Jacobs School of Engineering analyzed the pattern of DoS attacks against the computers of corporations, universities, and private individuals. They proposed a new technique, called “backscatter analysis.” This technique estimates the worldwide DoS activity. This research provided the only data