Network Protection Against DDoS Attacks

Petr Dzurenda, Zdenek Martinasek, Lukas Malina


The paper deals with possibilities of the network protection against Distributed Denial of Service attacks (DDoS). The basic types of DDoS attacks and their impact on the protected network are presented here. Furthermore, we present basic detection and defense techniques thanks to which it is possible to increase resistance of the protected network or device against DDoS attacks. Moreover, we tested the ability of current commercial Intrusion Prevention Systems (IPS), especially Radware DefensePro 6.10.00 product against the most common types of DDoS attacks. We create five scenarios that are varied in type and strength of the DDoS attacks. The attacks intensity was much greater than the normal intensity of the current DDoS attacks.

Full Text:



A. Srivastava, B. Gupta, A. Tyagi, A. Sharma, and A. Mishra, “A recent survey on ddos attacks and defense mechanisms,” in Advances in Parallel Distributed Computing. Springer, 2011, pp. 570–580.

J. Mirkovic and P. Reiher, “A taxonomy of ddos attack and ddos defense mechanisms,” ACM SIGCOMM Computer Communication Review, vol. 34, no. 2, pp. 39–53, 2004.

T. Peng, C. Leckie, and K. Ramamohanarao, “Survey of network-based defense mechanisms countering the dos and ddos problems,” ACM Computing Surveys (CSUR), vol. 39, no. 1, p. 3, 2007.

M. Roesch et al., “Snort: Lightweight intrusion detection for networks.” in LISA, vol. 99, 1999, pp. 229–238.

V. Paxson, “Bro: a system for detecting network intruders in real-time,” Computer networks, vol. 31, no. 23, pp. 2435–2463, 1999.

R. Jalili, F. Imani-Mehr, M. Amini, and H. R. Shahriari, “Detection of distributed denial of service attacks using statistical pre-processor and unsupervised neural networks,” in Information Security Practice and Experience. Springer, 2005, pp. 192–203.

H. Liu and M. S. Kim, “Real-time detection of stealthy ddos attacks using time-series decomposition,” in Communications (ICC), 2010 IEEE International Conference on. IEEE, 2010, pp. 1–6.

S. Jin and D. S. Yeung, “A covariance analysis model for ddos attack detection,” in Communications, 2004 IEEE International Conference on, vol. 4. IEEE, 2004, pp. 1882–1886.

G. Nychis, V. Sekar, D. G. Andersen, H. Kim, and H. Zhang, “An empirical evaluation of entropy-based traffic anomaly detection,” in Proceedings of the 8th ACM SIGCOMM conference on Internet measurement. ACM, 2008, pp. 151–156.

L. Feinstein, D. Schnackenberg, R. Balupari, and D. Kindred, “Statistical approaches to ddos attack detection and response,” in DARPA Information Survivability Conference and Exposition, 2003. Proceedings, vol. 1. IEEE, 2003, pp. 303–314.

M. C. M. Patel and A. P. V. H. Borisagar, “Survey on taxonomy of ddos attacks with impact and mitigation techniques,” in International Journal of Engineering Research and Technology, vol. 1, no. 9 (November-2012). ESRSA Publications, 2012.

A. Jain and A. K. Singh, “Distributed denial of service (ddos) attacks-classification and implications,” Journal of Information and Operations Management ISSN, pp. 0976–7754, 2012.

G. Loukas and G.Öke, “Protection against denial of service attacks: a survey,” The Computer Journal, p. bxp078, 2010.

S.-H. Kang, K.-Y. Park, S.-G. Yoo, and J. Kim, “Ddos avoidance strategy for service availability,” Cluster computing, vol. 16, no. 2, pp. 241–248, 2013.

M. Walfish, M. Vutukuru, H. Balakrishnan, D. Karger, and S. Shenker, “Ddos defense by offense,” ACM Transactions on Computer Systems (TOCS), vol. 28, no. 1, p. 3, 2010.



  • There are currently no refbacks.