A Review of Defense Mechanisms against Distributed Denial-of-Service (DDoS) Attacks on the Application Layer, as well as Machine Learning (ML)-based Mechanisms to Defend Against DDoS Attacks
Keywords:
Distributed Denial-of-service attacks; Intrusion detection systems; FirewallsAbstract
DoS attacks at the application layer are made possible by flaws in the implementation or design of protocols. In contrast to volumetric DoS attacks, these assaults are covert and aim at a particular program that is currently running on the victim. Numerous attacks on commonly used protocols at the application level have been discovered in recent years. In this paper, we provide a structured and thorough review of current application-level DoS risks and ways to mitigate them. Existing attacks and defenses are broken down into distinct groups, detailed in-depth, and contrasted using significant indicators of performance. The paper ends with suggestions for additional research.
Downloads
References
C. Douligeris and A. Mitrokotsa, “DDoS attacks and defense mechanisms: Classification and state- of-the-art,” Computer Networks, vol. 44, no. 5, pp. 643–666, Apr. 2004, doi: 10.1016/j.comnet.2003.10.003.
S. T. Zargar, J. Joshi, and D. Tipper, “A survey of defense mechanisms against distributed denial of service (DDOS) flooding attacks,” IEEE Communications Surveys and Tutorials, vol. 15, no. 4, pp. 2046–2069, 2013, doi: 10.1109/SURV.2013.031413.00127.
A. Selamat, A. R. Yusof, and N. I. Udzir, “Systematic literature review and taxonomy for DDoS attack detection and prediction,” International Journal of Digital Enterprise Technology, vol. 1, no. 3, p. 292, 2019, doi: 10.1504/ijdet.2019.10019068.
V. de M. Rios, P. R. M. Inácio, D. Magoni, and M. M. Freire, “Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms,” vol. 186, Feb. 2021, doi: 10.1016/j.comnet.2020.107792.
Abdullah Akbar, S. Mahaboob Basha, and Syed Abdul Sattar, “Leveraging the SIP Load balancer to detect and mitigate DDos attacks,” 2015.
Huey-Ing Liu, “Defending Systems Against Tilt DDoS Attacks,” 2011.
H. O.-H. K. Jae-Hyun Jun, “DDoS flooding attack detection througha step-by-step investigation,” 2011.
M. B. J. L. Luis von Ahn, TELLING HUMANS AND COMPUTERS APART, vol. 47. 2014.
S. Ranjan, R. Swaminathan, M. Uysal, and E. Knightly, “DDoS-Resilient Scheduling to Counter Application Layer Attacks under Imperfect Detection.” [Online]. Available: http://www.ece.rice.edu/networks
S. Yu, W. Zhou, W. Jia, S. Guo, Y. Xiang, and F. Tang, “Discriminating DDoS attacks from flash crowds using flow correlation coefficient,” IEEE Transactions on Parallel and Distributed Systems, vol. 23, no. 6, pp. 1073–1080, 2012, doi: 10.1109/TPDS.2011.262.
Guanhua Yan and Ritchie Lee, “Towards a Bayesian Network Game Framework forEvaluating DDoS Attacks and Defense,” p. 1070, 2012.
J. Yu, C. Fang, L. Lu, and Z. Li, “A Lightweight Mechanism to Mitigate Application Layer DDoS Attacks,” 2009.
Charles Tang and Edward Lee and Andrew Tang, “Mitigating HTTP Flooding Attacks with Meta- data Analysis,” p. 71, 2015.
J. K. Bains, K. K. Kaki, and K. Sharma, “Intrusion Detection System with Multi Layer using Bayesian Networks,” 2013.
V. Das, V. Pathak, S. Sharma, Sreevathsan, MVVNS. Srikanth, and T. Gireesh Kumar, “Network Intrusion Detection System Based On Machine Learning Algorithms,” International Journal of Computer Science and Information Technology, vol. 2, no. 6, pp. 138–151, Dec. 2010, doi: 10.5121/ijcsit.2010.2613.
T. Subbulakshmi, P. Parameswaran, C. Parthiban, M. Mariselvi, J. A. Anusha, And G. Mahalakshmi, “A Unified Approach For Detection And Prevention Of Ddos Attacks Using Enhanced Support Vector Machines And Filtering Mechanisms,” 2013.
R. C. Chen, C. Dewi, S. W. Huang, and R. E. Caraka, “Selecting critical features for data classification based on machine learning methods,” Journal of Big Data, vol. 7, no. 1, Dec. 2020, doi: 10.1186/s40537-020-00327-4.
T.Subbulakshmi, Dr. S. Mercy Shalinie, V.GanapathiSubramanian, and K.BalaKrishnan, “Detection of DDoS Attacks using Enhanced Support Vector Machines with Real Time Generated Dataset,” 2011.
S. K. Singh and A. K. Gupta, “Application of support vector regression in predicting thickness strains in hydro-mechanical deep drawing and comparison with ANN and FEM,” CIRP Journal of Manufacturing Science and Technology, vol. 3, no. 1, pp. 66–72, 2010, doi: 10.1016/j.cirpj.2010.07.005.
M. Salunke, R. Kabra, and A. Kumar, “IRJET-Layered architecture for DoS attack detection system by combine approach of Naive bayes and Improved K-mea Layered architecture for DoS attack detection system by combine approach of Naive bayes and Improved K-means Clustering Algorithm,” International Research Journal of Engineering and Technology, 2015, [Online]. Available: www.irjet.net
Downloads
Published
How to Cite
Issue
Section
License
![Creative Commons License](http://i.creativecommons.org/l/by-sa/4.0/88x31.png)
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
All papers should be submitted electronically. All submitted manuscripts must be original work that is not under submission at another journal or under consideration for publication in another form, such as a monograph or chapter of a book. Authors of submitted papers are obligated not to submit their paper for publication elsewhere until an editorial decision is rendered on their submission. Further, authors of accepted papers are prohibited from publishing the results in other publications that appear before the paper is published in the Journal unless they receive approval for doing so from the Editor-In-Chief.
IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. This license lets the audience to give appropriate credit, provide a link to the license, and indicate if changes were made and if they remix, transform, or build upon the material, they must distribute contributions under the same license as the original.