Abstract
This paper analyzes denial of service (DoS) attacks and countermeasures based on a systematic review analysis conducted of papers between 2000 and 2016. The paper is based on three searches. The first was conducted using suitable keywords, the second using references used by selected papers, and, the third considered the most cited English-language articles. We discuss 802.11 along with one of the well-known DoS attacks at physical-level access points. Experts suggest using 802.11w, a “cryptographic client puzzle,” and “delaying the effect of request” to provide better protection in this layer. The paper discusses four main network defense systems against network-based attacks—source-end, core-end, victim-end, and distributed techniques—with a focus on two innovative methods, the D-WARD and gossip models. This study also discusses chi-squares and intrusion detection systems (IDSs), two effective models to detect DoS and DDoS attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Goodrich, M., & Tamassia, R. (2010). Introduction to computer security. Boston: Addison-Wesley Publishing Company.
Ioannidis, J., & Bellovin, S. M. (2002). Implementing pushback: Router-based defense against DDoS attacks. In Proceedings of Network and Distributed System Security Symposium. Retrieved April 7, 2017 from http://www.internetsociety.org/doc/implementing-pushback-router-based-defense-against-ddos-attacks
Elsevier. SCOPUS Database, www.scopus.com
Mell, P., Marks, D., & McLarnon, M. (2000). A denial-of-service resistant intrusion detection architecture. Computer Networks, 34, 641–658.
Mamun, M. S. I., & Kabir, A. S. (2010). Hierarchical design based intrusion detection system for wireless ad hoc sensor network. International Journal of Network Security & Its Applications (IJNSA), 2, 102–117.
Beitollahi, H., & Deconinck, G. (2012). Analyzing well-known countermeasures against distributed denial of service attacks. Computer Communications, 35, 1312–1332.
Mirkovic, J., & Reiher, P. (2005). D-WARD: A source-end defense against flooding denial-of-service attacks. IEEE Tansactions on Dependable and Secure Computing, 2, 216–232.
Zhang, G., & Parashar, M. (2006). Cooperative defence against ddos attacks. Journal of Research and Practice in Information Technology, 38, 69–84.
Oikonomou, G. C., Mirkovic, J., Reiher P. L., & Robinson, M. (2006). A framework for a collaborative DDoS defense. In ACSAC (pp. 33–42).
Anderson, T., Roscoe, T., & Wetherall, D. (2004). Preventing Internet denial-of-service with capabilities. ACM SIGCOMM Computer Communication Review, 34, 39–44.
Toledo, A. L., & Wang, X. (2008). Robust detection of MAC layer denial-of-service attacks in CSMA/CA wireless networks. IEEE Transactions on Information Forensics and Security, 3, 347–358.
Feinstein, L., Schnackenberg, D., Balupari, R., & Kindred, D. (2003). Statistical approaches to DDoS attack detection and response. In DARPA Information Survivability Conference and Exposition, 2003 Proceedings (pp. 303–314). IEEE. Retrieved April 7, 2017 from http://ieeexplore.ieee.org/abstract/document/1194894/?part=1
Bicakci, K., & Tavli, B. (2009). Denial-of-Service attacks and countermeasures in IEEE 802.11 wireless networks. Computer Standards & Interfaces, 31, 931–941.
IEEE working group. (2010). IEEE standard for information technology–Telecommunications and information exchange between systems–Local and metropolitan area networks–Specific requirements–Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications Amendment 6: Wireless Access in Vehicular Environments. IEEE standards, 802, 11p.
Bellardo. J, & Savage, S. (2003, August). Denial of service attacks: Real vulnerabilities and practical solutions. In Proceedings of the 12TH USENIX Security Symposium (pp. 4–8). Washington, DC.
Bernaschi, M., Ferreri, F., & Valcamonici, L. (2008). Access points vulnerabilities to DoS attacks in 802.11 networks. Wireless Networks, 14, 159–169.
Linda, O., Vollmer, T., & Manic, M. (2009). Neural network based intrusion detection system for critical infrastructures. In 2009 international joint conference on neural networks (pp. 1827–1834). IEEE. Retrieved April 7, 2017 from http://ieeexplore.ieee.org/abstract/document/5178592/
Acknowledgements
This research received no specific grant from any funding agency in the public, commercial, or not-for-profit sectors. The authors would like to thank Professor Ping Wang for his valuable comments.
Conflict of Interest
None declared.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Zare, H., Azadi, M., Olsen, P. (2018). Techniques for Detecting and Preventing Denial of Service Attacks (a Systematic Review Approach). In: Latifi, S. (eds) Information Technology - New Generations. Advances in Intelligent Systems and Computing, vol 558. Springer, Cham. https://doi.org/10.1007/978-3-319-54978-1_21
Download citation
DOI: https://doi.org/10.1007/978-3-319-54978-1_21
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-54977-4
Online ISBN: 978-3-319-54978-1
eBook Packages: EngineeringEngineering (R0)