Essay: Can We Beat DDoS Attacks In Clouds? - An Overview Of DDoS Attack.

Can We Beat Ddos Attacks In Clouds?

Detailed Walk Through of Distributed Denial of Service Attack

The computer security can be significantly defined as the security or protectiveness of various computer systems either from damage or from theft for the software, electronic data or software (Von Solms & Van Niekerk, 2013). This type of security is also effective for the misdirection or disruption of fewer services, provided by them. There is an incrementing reliance on the computer systems, smart devices like smart televisions as well as smart phones, and other tiny devices together comprise of the IoT or Internet of Things. The computer security or IT security is for the protection of several computer systems from the various cyber attacks. The computer security consists of the physical security and cyber security. These two types of securities are utilized by the various companies for properly protecting against the unauthenticated or unauthorized access for the data centres or other digitalized systems (Wang & Lu, 2013). The confidentiality, integrity or availability of information is well maintained with this computer security. The following report outlines a brief discussion on the computer security and the significant cyber threat of distributed denial of service or DDoS attack.

The distributed denial of service attack or DDoS attack is the significant malicious attempt for the purpose of disrupting the normal traffic of any targeted server, network or service by the overwhelming target or infrastructure with the respective flood of this Internet traffic (Hahn et al., 2013). These types of attacks solely achieve the effectiveness or efficiency by the proper utilization of several compromised or dangerous computer based systems as the typical sources of any attack traffic. The exploited machines could eventually involve the networked resources or systems in this attack and the most targeted resources in this case are devices of Internet of Things (Buczak & Guven, 2016). The distributed denial of service attack subsequently jams the network traffic and hence the regular network traffic is prevented from the packets reaching to the desired location.

Figure 1: Components of DDoS Attacks

(Source: Created by the Author in MS Word)

The DDoS attack needs a hacker for obtaining the complete control of the network for executing the attack (Compagno et al., 2013). The entire procedure of this attack is quite simplified. The computer systems as well as other machineries are at first infected with the malware, hence turning the machines into bots. The significant hacker then comprises of the remote control on the collection of bots, known as botnet. When this botnet is being established, the hacker has the capability for directing the respective systems by simply sending updated and current instructions to each and every bot through the methodology of remote control (Yan et al., 2016). As soon as the specific IP address of the victim is observed by the botnet, all the bots would be substantially responding by the sending of requests to the victims and hence causing the specific network or server for overflowing capacity and the occurrence of DDoS attack.

Real World Example of DDoS Attack

The entire mechanism of DDoS attacks is followed by the hacker. There are seven layers in an OSI model and all the layers and extremely vulnerable with this type of attack. In the application layer of OSI model, the major objective is to exhaust or finish the target resources (Wang et al., 2015). These attacks then target the respective layer, in which the web pages are being generated over the server and then delivered in response to the HTTP requests.

Figure 2: Application Layer DDoS Attack

(Source: Created by the Author in MS Word)

The next dangerous attack is the protocol attacks (Yu et al., 2014). These are also called as the state exhaustion attacks, which cause major service disruptions by the proper consumption of the available state table capacities of the web application servers or the two intermediate resources such as load balances as well as firewalls.

One of the most popular and significant distributed denial of service attacks, the 2016 Dyn Cyber Attack, is considered as the most deadly example of this attack. This DDoS cyber attack took place in Europe and North America on 21^st October, 2016 (Woolf, 2018). This attack involved several DDoS or distributed denial of service attacks, hence targeting the systems, which are operated by DNS or Domain Name System provider Dyn. This Dyn eventually caused most of the Internet services or platforms completely unavailable for the larger swathes of the users in North America and Europe.

The outcome of this 2016 Dyn Cyber Attack was extremely dangerous as well as vulnerable for all of the users of the entire North America and Europe (Bhuyan, Bhattacharyya & Kalita, 2015). The entire major Internet based services as well Internet based platforms were made absolutely unavailable for the intended users. The specific hackers’ groups, namely New World Hackers and Anonymous eventually claimed the responsibility for this particular attack, however, strong evidence was not provided in the case. Dyn is a DNS provider, which subsequently provides mapping service to its end users. The mapping is done in the Internet domain name, whenever it is being entered into the web browser with its corresponding IP addresses (Santanna et al., 2015). The malware that caused this distributed denial of service attack is Mirai. It turned the networked devices that are running on Linux to remotely controlled bots for using them as the specific part of botnet within this large scale networked attacks.

Aims of Security Breach with Consequences

The impact of the 2016 Dyn Cyber Attack was extremely high on the users of North America and Europe. There were total three attacks in this DDoS attack. As per Dyn, the first attack started at 7 am in the morning and was resolved by 9.20 am (Woolf, 2018). The next attack occurred at 11.52 am and all the users of Internet were facing difficulties in accessing the websites. The final attack occurred after 4 pm in the afternoon; however at 6.11 pm, it was resolved by Dyn. The particular distributed denial of service or DDoS attack was caused by the Mirai malware and was accomplished by the larger number of lookup requests of Domain Name System form billions of generated IP addresses (Dai et al., 2013). These malicious activities were eventually carried out through a specific botnet that comprised of huge numbers or Internet connected or Internet based devices like the IP cameras, baby monitors, printers, residential gateways and many others. All of the above mentioned devices were being affected by the Mirai malware. The various popular and significant affected services in this particular DDoS attack were Amazon.com, Airbnb, BBC, Quora, CNN, Starbucks, Box, HBO, Twitter, Verizon Communications, Fox News, Heroku, Tumblr, Netflix, Pinterest, PayPal, PlayStation Network, The New York Times, WWE Network, GitHub and many more (Woolf, 2018).

There were some of the major aims of this security breach. The first and the foremost aim was to attack the devices of Internet of Things. The consequence was that this attack was the botnet that was coordinated by a huge number of IoT enabled devices that included IP cameras, baby monitors, printers and residential gateways (Wang et al., 2015). The second aim of this specific DDoS attack of 2016 Dyn cyber attack was to spread Mirai malware. This malware was created juts two months prior to the attack and it was designed to the brute force for controlling the IoT enabled devices remotely.

The cyber security investigator of Brian Krebs eventually noted that the respective source code for the malware Mirai malware had been previously released by the hackers over the Internet within an open source manner. Hence, the overall investigation of the attacker was extremely difficult in this case. The then President of the United States of America took necessary actions in this attack and the attackers were substantially punished (Woolf, 2018). Three men, namely, Paras Jha, Josiah white and Dalton Norman were arrested in the popular DDoS attack of the 2016 Dyn cyber attack.

Specific Actions taken for Addressing the Issue

Conclusion

Therefore, from the above discussion, it can be concluded that computer security refers to the collection of tools and techniques that are utilized for the proper protection of network, data or programs from the damages, attacks as well as unauthorized access. The most significant functionality of this computer security majorly includes protection of the information as well as information systems from several cyber threats. There are several forms of cyber threats, which are malware, phishing, application attacks, exploit kits, ransomware, worm attacks, distributed denial of service attacks and many others. Amongst them, the most dangerous attack is the distributed denial of service attack or DDoS attack. The intended machine is made unavailable by the attacker so that the user cannot access it eventually. The services are denied for the significant victims and hence these are extremely vulnerable for any information system. The above report has clearly outlined the brief discussion on distributed denial of service attack and computer security. The case study of 2016 Dyn Cyber Attack by Anonymous and New World Hackers is taken in this report as a real world example of DDoS attack.

References

Bhuyan, M. H., Bhattacharyya, D. K., & Kalita, J. K. (2015). An empirical evaluation of information metrics for low-rate and high-rate DDoS attack detection. Pattern Recognition Letters, 51, 1-7.

Buczak, A. L., & Guven, E. (2016). A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), 1153-1176.

Compagno, A., Conti, M., Gasti, P., & Tsudik, G. (2013, October). Poseidon: Mitigating interest flooding DDoS attacks in named data networking. In Local Computer Networks (LCN), 2013 IEEE 38th Conference on (pp. 630-638). IEEE.

Dai, H., Wang, Y., Fan, J., & Liu, B. (2013, April). Mitigate ddos attacks in ndn by interest traceback. In Computer Communications Workshops (INFOCOM WKSHPS), 2013 IEEE Conference on (pp. 381-386). IEEE.

Hahn, A., Ashok, A., Sridhar, S., & Govindarasu, M. (2013). Cyber-physical security testbeds: Architecture, application, and evaluation for smart grid. IEEE Transactions on Smart Grid, 4(2), 847-855.

Santanna, J. J., van Rijswijk-Deij, R., Hofstede, R., Sperotto, A., Wierbosch, M., Granville, L. Z., & Pras, A. (2015, May). Booters—An analysis of DDoS-as-a-service attacks. In Integrated Network Management (IM), 2015 IFIP/IEEE International Symposium on (pp. 243-251). IEEE.

Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. computers & security, 38, 97-102.

Wang, B., Zheng, Y., Lou, W., & Hou, Y. T. (2015). DDoS attack protection in the era of cloud computing and software-defined networking. Computer Networks, 81, 308-319.

Wang, W., & Lu, Z. (2013). Cyber security in the smart grid: Survey and challenges. Computer Networks, 57(5), 1344-1371.

Woolf, N. (2018). DDoS attack that disrupted internet was largest of its kind in history, experts say. Retrieved from https://www.theguardian.com/technology/2016/oct/26/ddos-attack-dyn-mirai-botnet 

Yan, Q., Yu, F. R., Gong, Q., & Li, J. (2016). Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges. IEEE Communications Surveys & Tutorials, 18(1), 602-622.

Yu, S., Tian, Y., Guo, S., & Wu, D. O. (2014). Can we beat DDoS attacks in clouds?. IEEE Transactions on Parallel and Distributed Systems, 25(9), 2245-2254.