Denial-of-service (DoS) attacks are on the rise and have evolved into a complex and overwhelming security challenge for organizations large and small. Although DoS attacks are not a recent phenomenon, the methods and resources available to conduct and mask them have evolved dramatically to include Distributed DoS (DDoS) and, more recently, Distributed Reflector DoS (DRDoS) attacks—attacks that simply cannot be addressed by traditional on-premises solutions. DDoS is a type of denial-of-service attack in which Trojan-infected machines (often numbering in the hundreds to thousands) target a single system. A malicious hacker does this by commanding a fleet of remote machines to send network traffic to the target. Because the attack floods the target with incoming traffic from myriad sources, blocking a single Internet Protocol (IP) address is ineffective as a defence. More importantly, it is very difficult to distinguish legitimate “good” traffic from the attack traffic. The target becomes so busy dealing with the attackers' requests that it has no time to respond to other, legitimate user requests. This leads to delays, outages, and in some cases a complete system shutdown.
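To make the single-IP-blocking point concrete, here is an added Python example (not from the original text) using constructed request counts and RFC 5737 documentation addresses: a per-source rate limit catches a flood from one host but sees nothing unusual in a distributed flood, while an aggregate view shows the target is overloaded with no single source to block.

```python
from collections import Counter

# Thresholds and traffic below are constructed for illustration, not measured values.
PER_SOURCE_LIMIT = 50   # requests per 10 s window before one source would be blocked
CAPACITY = 400          # requests per 10 s window the target can actually serve

def legitimate_traffic(clients=20, per_client=2):
    """Background load: a few requests each from many ordinary clients."""
    return [f"203.0.113.{c}" for c in range(clients) for _ in range(per_client)]

def single_source_flood(requests=500):
    """Classic DoS: one host sends every request."""
    return ["192.0.2.7"] * requests

def distributed_flood(bots=100, per_bot=10):
    """DDoS: many compromised hosts, each staying under the per-source limit."""
    return [f"198.51.100.{b}" for b in range(bots) for _ in range(per_bot)]

def per_source_blocklist(sources):
    """Naive defence: block any single address that exceeds PER_SOURCE_LIMIT."""
    counts = Counter(sources)
    return sorted(ip for ip, n in counts.items() if n > PER_SOURCE_LIMIT)

def aggregate_view(sources):
    """Volumetric view: total load, distinct sources, and whether capacity is exceeded."""
    return {
        "total": len(sources),
        "distinct_sources": len(set(sources)),
        "overloaded": len(sources) > CAPACITY,
    }

if __name__ == "__main__":
    for name, attack in (("single-source", single_source_flood()),
                         ("distributed", distributed_flood())):
        window = legitimate_traffic() + attack
        print(name, "blocklist:", per_source_blocklist(window), aggregate_view(window))
```

In the distributed case every bot looks like a light legitimate client, so only the aggregate counters reveal the attack, which is why per-address blocking alone does not help.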
The frequency of DDoS attacks is increasing, and they are hitting small to medium-sized businesses with highly damaging results. The second quarter of 2014 alone recorded at least 17 major attacks. In June 2014, a DDoS attack on Code Spaces (a web hosting service) made it inoperable, after which the attackers deleted customer-hosted data as well as backups, forcing the company to shut down its business. In addition to causing financial losses, these attacks have become a political tool for ‘hacktivists’.
Thus, there is a need for effective countermeasures to detect and defend against DDoS and DRDoS attacks.