Ever expanding array of schemes for detection and prevention of Distributed Denial of Service (DDoS) attacks demands for a constant review and their categorization. As detection techniques have existed for a relatively longer period of time than defense mechanisms, researchers have categorized almost all the existing and expected forthcoming attacks. However, techniques for defense are still nurturing. Researchers have explored that there could be diverse ways of launching DDoS attacks. Consequently, need of defense strategy that adapts and responds autonomously to these variety of attacks is imperative. As more and more excavation is done in the arena of DDoS Defense Mechanisms, we understand that along with the conventional, well known DDoS Prevention and mitigation mechanism there are other factors that play equally important role in shielding a system from DDoS attacks. Deployment strategy, degree of cooperation of the internet host, code of behaviour while the system is already under attack, and post-attack analysis, etc, are such factors. In this paper, we have assorted the existing enormous defense mechanisms, and proposed an enhanced taxonomy that incorporates possible parameters that might influence DDoS Defense.


Distributed Denial of Service Taxonomy Autonomous Defense mechanisms 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Specht, S.M., Lee, R.B.: Distributed denial of service: taxonomies of attacks, tools and countermeasures. In: Proceedings of the 17th ICPADS, pp. 543–550 (2004)Google Scholar
  2. 2.
    You, Y., Zulkernine, M., Haque, A.: Detecting Flooding-based DDoS attacks. In: Proceedings of IEEE International Conference on Communications, pp. 1229–1234 (2007)Google Scholar
  3. 3.
    Loannidis, J., Bellovin, S.: Implementing pushback: router-based defense against DDoS attacks. In: Proceedings of the Network and Distributed System Security Symposium (2002)Google Scholar
  4. 4.
    Daniels, T.E., Spafford, E.H.: Network Traffic Tracking Systems: Folly in the Large. In: Proceedings of the 2000 Workshop on New Security Paradigms, pp. 119–124 (2000)Google Scholar
  5. 5.
    Peng, T., Ramamohanarao, K., Leckie, C.: Protection from distributed denial of service attacks using history-based IP filtering. Proceedings of the IEEE 1, 482–486 (2003)Google Scholar
  6. 6.
  7. 7.
    Lau, F., Rubin, S.H., Smith, M.H., Trajkovic, L.: Distributed denial of service attacks. In: IEEE International Conference on Systems, Man and Cybernetics, vol. 3, pp. 2275–2280 (2000)Google Scholar
  8. 8.
    Fan, Y.: Defeating Denial of Service attacks with source router preferential dropping. Master thesis: Queens’s University, Kingston Canada (2003)Google Scholar
  9. 9.
    Savage, S., Wetherall, D., Karlin, A.R., Anderson, T.: Practical network support for IP traceback. In: SIGCOMM, pp. 295–306 (2000)Google Scholar
  10. 10.
    Carl, G., Kesidis, G., Brooks, R.R., Rai, S.: Denial of-service attack-detection techniques. IEEE Internet Computing 10(1), 82–89 (2006)CrossRefGoogle Scholar
  11. 11.
    Chang, R.K.: Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial. IEEE Communications Magazine 40(10), 42–51 (2002)CrossRefGoogle Scholar
  12. 12.
    Ferguson, P., Senie, D.: Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing. United States (2000),
  13. 13.
    Jin, C., Wang, H., Shin, K.G.: Hop-count filtering: an effective defense against spoofed DDoS traffic. In: Proceedings of the 10th CCS 2003. ACM, New York (2003)Google Scholar
  14. 14.
    Sherr, M., et al.: Mitigating DoS attack through selective bin verification. In: Proceedings of IEEE ICNP Workshop, pp. 7–12 (2005)Google Scholar
  15. 15.
    Mirkovic, J., Reiher, P.: A Taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Computer Communication Review 34(2), 39–53 (2004)CrossRefGoogle Scholar
  16. 16.
    Yau, D.K.Y., Lui, J.C.S., Liang, F., Yam, Y.: Defending Against Distributed Denial-of-Service Attacks with Max-Min Fair Server-Centric Router Throttles. IEEE/ACM (TON) 13(1), 29–42 (2005)CrossRefGoogle Scholar
  17. 17.
    Peng, T., Christopher, L., Kotagiri, R.: Detecting Distributed Denial of Service Attacks Using Source IP Address Monitoring. In: IEEE Infocom 2004, Hong-Kong (2004)Google Scholar
  18. 18.
    Xiang, Y., Zhou, W., Chowdhury, M.: A survey of active and passive defense mechanisms against DDoS attacks. TR C04/02, Deakin University, Australia (2004)Google Scholar
  19. 19.
    Mls, J.: Effectiveness of rate-limiting in mitigating flooding DoS attacks. In: Proceedings of the Third IASTED International Conference, pp. 155–160 (2004)Google Scholar
  20. 20.
    Feinstein, L., Schnackenberg, D., Balupari, R., Kindred, D.: Statistical approaches to DDoS attack detection and response. In: Proceedings of the DARPA, vol. 1, pp. 303–314 (2003)Google Scholar
  21. 21.
    Dubendorfer, T., Bossardt, M., Plattner, B.: Adaptive distributed traffic control service for DDoS attack mitigation. In: Proceedings of 19th. IEEE, Los Alamitos (2005)Google Scholar
  22. 22.
    Mirkovic, J., Reiher, P.: D-WARD: a source-end defense against flooding denial-of-service attacks. IEEE Transactions on Dependable and Secure Computing 2(3), 216–232 (2005)CrossRefGoogle Scholar
  23. 23.
    Yan, J., Early, S., Anderson, R.: The XenoService: a distributed defeat for distributed denial of service. In: Proceedings of ISW (2000)Google Scholar
  24. 24.
    Thomas, R., Mark, B., Johnson, T., Croall, J.: NetBouncer: client-legitimacy-based high-performance DDoS Filtering. In: Proceedings of the DARPA, vol. 1, pp. 14–25 (2003)Google Scholar
  25. 25.
    Mirkovic, J., Robinson, M., Reiher, P., Oikonomou, G.: A framework for collaborative DDoS defense. In: Proceedings of ACSAC (2006)Google Scholar
  26. 26.
    Carl, G., Kesidis, G., Brooks, R., Rai, S.: Denial-of-service attack detection techniques. IEEE Internet Computing 10(1), 82–89 (2006)CrossRefGoogle Scholar
  27. 27.
    Champagne, D., Lee, R.B.: Scope of DDoS countermeasures: taxonomy of proposed solutions and design goals for real-world deployment. Princeton Univ. Tech. Report CE-L2005-007 (2005)Google Scholar
  28. 28.
    Keromytis, A.D., et al.: SOS: secure overlay services. In: Proceedings of the 2002 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pp. 61–72 (2002)Google Scholar
  29. 29.
    Mankins, D., et al.: Mitigating distributed denial of service attacks with dynamic resource pricing. In: Proceedings of the Computer Security Applications Conference, pp. 411–421 (2001)Google Scholar
  30. 30.
    Hu, Y.H., et al.: Packet filtering for congestion control under DoS attacks. In: Proceedings of the 2nd IEEE Int. Information Assurance Workshop, pp. 3–18 (2004)Google Scholar
  31. 31.
    Yaar, A., et al.: Pi: a path identification mechanism to defend against DDoS attacks. In: Proceedings of the 2003 Symposium on Security and Privacy, pp. 93–107 (2003)Google Scholar
  32. 32.
    Dalton, M., et al.: Real-World Buffer Overflow Protection for User-space and Kernel-space. In: Proceedings of the 17th conference on Security symposium, pp. 395–410 (2008)Google Scholar
  33. 33.
    Park, K., Lee, H.: On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets. In: Proceedings of ACM SIGCOMM 2001 (2001)Google Scholar
  34. 34.
    Lough, D.L.: A Taxonomy of: Computer Attacks with Applications to Wireless Networks. PhD thesis: Virginia Tech, Computer Engineering Department (2001)Google Scholar
  35. 35.
    Paxson, V.: Bro: A system for detecting network intruders in real-time. In: Proceedings of the 7th Annual USENIX Security Symposium, San Antonio, Texas (1998)Google Scholar
  36. 36.
    Pollak, M.: Optimal detection of a change in distribution. Ann. Statist. 13, 206–227 (1986)CrossRefMathSciNetGoogle Scholar
  37. 37.
    Cheng, C.M., Kung, H.T., Tan, K.S.: Use of Spectral Analysis in Defense Against DoS Attacks. In: Proceedings of GLOBECOM 2002, vol. 3, pp. 2143–2148. IEEE, Los Alamitos (2002)Google Scholar
  38. 38.
    Sourcefire. Snort: The Open Source Network Intrusion Detection System,
  39. 39.
    Wan, K.K.K., Chang, R.K.C.: Engineering of a global defense infrastructure for DDoS attacks. In: Proceedings of the IEEE International Conference on Networks, pp. 419–427 (2002)Google Scholar
  40. 40.
    Usman, T.: A Comprehensive Categorization of DDoS Attack and DDoS Defense Techniques. In: Li, X., Zaïane, O.R., Li, Z.-h. (eds.) ADMA 2006. LNCS (LNAI), vol. 4093, pp. 1025–1036. Springer, Heidelberg (2006)Google Scholar
  41. 41.
    Kargl, F., Maier, J., Weber, M.: Protecting web servers from Distributed Denial of Service attacks. In: Proceedings of the 10th International Conference on WWW, Hong Kong, pp. 514–524 (2001)Google Scholar
  42. 42.
    Jones, J.: Distributed Denial of Service Attacks: Defenses. A Special Publication: Technical report, Global Integrity (2000)Google Scholar
  43. 43.
    Lan, Z., Taylor, V.E., Bryan, G.: Dynamic Load Balancing of SAMR Applications on Distributed Systems. In: Supercomputing, ACM/IEEE 2001 Conference Publication (2001)Google Scholar
  44. 44.
    Snoeren, A.C., Balakrishnan, H., Kaashoek, M.F.: The Migrate Approach to Internet Mobility. In: Proceedings of the Oxygen Student Workshop (2001)Google Scholar
  45. 45.
    Dewan, P., Dasgupta, P., Karamcheti, V.: Defending against Denial of Service attacks using Secure Name resolution. In: Proceedings of SAM 2003 (2003)Google Scholar
  46. 46.
    Stephan, B.: Optimal filtering for denial of service mitigation. In: Proceedings of the 41st IEEE Conference on Decision and Control, vol. 2, pp. 1428–1433 (2002)Google Scholar
  47. 47.
    Hu, Y.H., Choi, H., Choi, H.A.: Packet Filtering to Defend Flooding-Based DDoS Attacks. In: Advances in Wired and Wireless Communication, IEEE/Sarnoff Symposium, pp. 39–42 (2004)Google Scholar
  48. 48.
    Gupta, B.B., Misra, M., Joshi, R.C.: An ISP Level Solution to Combat DDoS Attacks using Combined Statistical Based Approach, pp. 102–110. JIAS: Dynamic Publishers Inc., USA (2008)Google Scholar
  49. 49.
    Hussain, A., Heidemann, J., Papadopoulos, C.: A Framework for Classifying Denial of Service Attacks. In: Proceedings of the ACM SIGCOMM Conference, Karlsruhe, Germany (2003)Google Scholar
  50. 50.
    Badishi, G., Keidar, I., Sasson, A.: Exposing and eliminating vulnerabilities to denial of service attacks in secure gossip-based multicast. In: The International Conference on DSN, pp. 223–232 (2004)Google Scholar
  51. 51.
    Estan, C., Varghese, G.: New directions in traffic measurement and accounting. In: Proceedings of the 2001 ACM SIGCOMM Internet Measurement Workshop, San Francisco, CA, pp. 75–80 (2001)Google Scholar
  52. 52.
    Debar, H., Thomas, Y., Cuppens, F., Cuppens-Boulahia, N.: Enabling automated threat response through the use of a dynamic security policy. Journal in Computer Virology 3(3), 195–210 (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Astha Keshariya
    • 1
  • Noria Foukia
    • 1
  1. 1.Department of Information scienceUniversity of OtagoNew Zealand

Personalised recommendations