Detection of Distributed Denial of Service Attack (DDoS) Against a Web Server

Abstract

1.1 Introduction Network security has evolved from independently deployed products such as firewalls into the realm of system-wide solutions. The reason is simple: For today's companies, especially in this era of regulatory activity, preserving the integrity, confidentiality of corporate information is critical to success. As we move further into an information-driven global economy, the value of information, and controlled access to that information, has never been greater. The goal of IT infrastructure therefore is to create systems that can detect and protect against unauthorized access while providing timely access to legitimate users. Simply denying access in the face of an attack is no longer acceptable. Today's networks must be able to respond to attacks in ways that maintain network availability and reliability and allow a business to continue to function. In many respects, the goal of security is to make networks more resilient by making them more flexible. Rather than succumb, networks must be able to absorb attacks and remain operational, much in the same way the human immune system allows us to keep functioning in the presence of viruses and related bacterial infections. The Internet was created in 1969 to provide an open network for researchers’ .In the last decade, the phenomenal growth and the success of the Internet is changing its traditional role. Unfortunately, with the growth of the Internet, the attacks to the Internet have also increased incredibly fast. The occurrence of the Morris Worm in 1988 marked the first major computer security incident on the Internet. The widespread need and ability to connect machines across the Internet has caused the network to be more vulnerable to intrusions and has facilitated break-ins of a variety of types. Along their paths between a client and a server, network packets consume various kinds of resources including access link bandwidth, router buffers etc. Distributed-Denial-of-Service (DDoS) attacks inject maliciouslydesigned packets into the network to deplete some or all these sources. Whereas service front-ends can be protected from DDoS attacks by massive replication, back-ends cannot tolerate the same level of replication, because of higher. costs and tighter consistency constraints. DDoS attacks are difficult to prevent because of inevitable software vulnerabilities, which get exploited by attackers and are used to launch the attack.