Rapid technological advances have made the Internet ubiquitous around the globe. Access speeds and reliability of access are always improving, and as a result, diverse services provided on the Internet are greatly impacting every aspect of our day-to-day lives. Using these services, people routinely depend on the Internet to share confidential and valuable personal and professional information. Because the smooth functioning of society depends heavily on the Internet, individuals with bad intentions routinely exploit inherent weaknesses of the Internet to paralyze targeted services all over the net. With the increasing incidence of network attacks, detecting such unwelcome intrusions has become an important research area. Among all the threats for which network defenders need to watch out, Distributed Denial-of-Service (DDoS) attacks are among the most common and most devastating. In such an attack, people with malice use tools that are frequently available on the net to disrupt websites, databases or enterprise networks by first gathering information on their weaknesses and later exploiting them. DDoS is a coordinated attack, launched using a large number of compromised hosts. A DDoS attack is considered high-rate when it generates a large number of packets or extremely high-volume traffic within a very short time, say a fraction of a minute, to disrupt service. An attack is referred to as a low-rate attack if it is mounted over minutes or hours. To counter DDoS attacks, several significant defense mechanisms have been developed.
This book discusses the evolution of DDoS attacks, how to detect a DDoS attack when one is mounted, how to prevent such attacks from taking place, and how to react when a DDoS attack is in progress, with the goal of possibly tolerating the attack and doing the best under the circumstances without failing completely. It introduces types of DDoS attacks, the characteristics that they demonstrate, the reasons why such attacks can take place, what aspects of the network infrastructure are usual targets, and how these attacks are actually launched. The book elaborates upon the emerging botnet technology, current trends in the evolution and use of this technology, the role of this technology in facilitating the launching of DDoS attacks, and the challenges in countering the role of botnets in the proliferation of DDoS attacks. The book introduces statistical and machine learning methods applied in the detection and prevention of DDoS attacks in order to provide a clear understanding of the state of the art. It presents DDoS reaction and tolerance mechanisms with a view to studying their effectiveness in protecting network resources without compromising the quality of services. Further, the book includes a discussion of a large number of available tools and systems for launching DDoS attacks of various types and for monitoring the behavior of the attack types. The book also provides a discussion on how to develop a custom testbed that can be used to perform experiments such as attack launching, monitoring of network traffic, and detection of attacks, as well as for testing strategies for prevention, reaction and mitigation. Finally, the reader will be exposed to additional current issues and challenges that need to be overcome to provide even better defense against DDoS attacks.