Distributed Denial-of-Service (DDoS) Attacks and Defense Mechanisms in Various Web-Enabled Computing Platforms: Issues, Challenges, and Future Research Directions

1. Introduction

One of the most notorious attacks, raging around the Internet for more than 30 years, are the Denial-of-Service (DoS) attacks. The DoS attacks intend to paralyze the target by disrupting the connectivity between the target and its intended users and preventing users from network access. It exhausts sever resources like bandwidth, memory capacity, CPU processing power, etc. and brings down the entire network at last. This activity forces the target to shut down and reboot. The emergence of Distributed DoS attack was witnessed in summer 1999 (Criscuolo, 2000). Afterwards, the majority of DoS attacks occurring on the Internet are distributed in nature. The foremost purpose of these attacks is to crash the victim server and make it unavailable. It results in the revenue losses as well as economic overhead due to high cost of alleviating the attack and restoring the services.

The advent of new technologies has bestowed significantly greater number of resources, which has imparted attackers with novel ways to carry out cyber-attacks that cause more damage with less effort. A number of DDoS attacks are now carried out using well-organized and remotely controlled botnets. These botnets consist of thousands of malware-infected zombie machines that simultaneously send huge volumes of data to the target continuously, slowing down and eventually crashing the target system. Employing a bot army to execute an attack protects the anonymity of attacker by eliminating the chances of source IP address trace back. It also magnifies the severity of DDoS attack drastically.

In the recent years, a new landscape for DDoS attacks has emerged strikingly, called “DDoS as a Service”. These are easily affordable and accessible DDoS-for-hire websites that have altogether remodeled the extent and impact of DDoS attacks around the Internet. Nowadays, the hackers carry out DDoS attacks for others for as little as $5 per hour. Since the release of Mirai botnet source code, powering 100,000 bots, for executing DDoS attacks on dark web in October 2016 (Bing, 2016), the demand as well as the supply of these attack services have rocketed radically. According to Corero COO Dave Larson, “as many as 40% of all network layer attacks are believed to be caused by such DDoS-for-hire botnets.” These attack services are advertised as “Stresser” or “Booster” services that provide troubleshooting and testing services in order to identify the vulnerabilities in the user's network.

The recent studies have revealed that nowadays, not just numbers, the harshness of DDoS attacks has also aggravated. Cisco has predicted that the DDoS attacks are going to be even more frequent in the coming years, rising from 7.9 million in 2018 to a colossal figure of over 15 million in 2023. According to the Annual DDoS Threat Report for the year 2020 released by Nexusguard (2020), the frequency of DDoS attacks took an enormous jump from Q1 2019 to Q1 2020 with a year-over-year increase of 341.21\%. One of the largest ever recorded DDoS attack was carried out against the Amazon Web Services (AWS) in February 2020 with an attack volume that culminated to a breath-taking 2.3 Tbps (AWS, 2020). According to the Information Technology Intelligence Consulting (ITIC), an hour of IT services downtime can cost the companies anywhere between $300,000 to $1,000,000 (ITIC, 2019). Given this figure, the amount of financial damage incurred is unimaginable when a DDoS attack was brought down on thousands of Google’s IP addresses in October 2020. The attack was perpetrated by three Chinese ISPs and lasted for six months, peaking at an astounding rate of 2.5 Tbps (Huntley, 2020).