Detecting and Mitigating DoS or Distributed DoS Attacks

Introduction Denial of Service (DoS) attacks and Distributed DoS (DDoS) attacks are methods of controlling computer terminals or network resources to interfere with communication between a computer host and the Internet. DDoS is an attack sent by multiple computer hosts or collaborative zombie computers in a botnet and DoS is a computer host attack. In any attack, there is a possibility that incoming messages overwhelm the online computer and network, overwhelm the target system, refuse service to the Internet, or communicate with authorized users (US - CERT, 2013).

Many of DoS attacks that draw attention are actually distributed attacks. That is, attack traffic comes from multiple attack systems. Although DoS attacks originating from one source or IP address can be easier to mitigate, defenders can block network traffic from problematic sources, so they can detect attacks from multiple attack systems and defend them It is difficult to do. When sending packets from an IP address that appears to be on the Internet it is difficult to distinguish between legitimate traffic and malicious traffic and to exclude malicious packets.

As the years passed, Distributed Denial of Service (DDOS) attacks spread and become dangerous, one of the most serious threats on the Internet today. It is difficult to find and mitigate them. Any new architecture should detect and mitigate DoS attacks, or at least reduce its effectiveness. NDN appears to be effective for legitimate party content delivery, but does not understand malicious parties. DDOS attacks utilize a variety of hosts and various Internet connections rather than using a single host and a single connection to the Internet. Host computers used for attacks are distributed worldwide. The difference between DOS attacks and DDOS attacks is that the victim hosts are overloaded with thousands of resource requests. During the attack, the opponent's host node in the network sends a number of zombie requests for attack.