Hadoop Based Defense Solution to Handle Distributed Denial of Service (DDoS) Attacks


Distributed denial of service (DDoS) attacks continues to grow as a threat to organizations worldwide. From the first known attack in 1999 to the highly publicized Operation Ababil, the DDoS attacks have a history of flooding the victim network with an enormous number of packets, hence exhausting the resources and preventing the legitimate users to access them. After having standard DDoS defense mechanism, still attackers are able to launch an attack. These inadequate defense mechanisms need to be improved and integrated with other solutions. The purpose of this paper is to study the characteristics of DDoS attacks, various models involved in attacks and to provide a timeline of defense mechanism with their improvements to combat DDoS attacks. In addition to this, a novel scheme is proposed to detect DDoS attack efficiently by using MapReduce programming model.

Share and Cite:

S. Tripathi, B. Gupta, A. Almomani, A. Mishra and S. Veluru, "Hadoop Based Defense Solution to Handle Distributed Denial of Service (DDoS) Attacks," Journal of Information Security, Vol. 4 No. 3, 2013, pp. 150-164. doi: 10.4236/jis.2013.43018.

Conflicts of Interest

The authors declare no conflicts of interest.


[1] B. M. Leiner, V. G. Cerf, D. D. Clark, R. E. Kahn, L. Kleinrock, D. C. Lynch, J. Postel, L. G. Roberts and S. Wolff, “A Brief History of the Internet,” 2000. http://www.isoc.org/internet/history/brief.shtml
[2] B. B. Gupta, R. C. Joshi and M. Misra, “Defending against Distributed Denial of Service Attacks: Issues and Challenges,” Information Security Journal: A Global Perspective, Vol. 18, No. 5, 2009, pp. 224-247.
[3] C. Douligeris and A. Mitrokotsa “DDoS Attacks and Defense Mechanisms: Classification and State of the Art,” Elsevier Science Direct Computer Networks, Vol. 44, No. 5, 2004, pp. 643-666. doi:10.1016/j.comnet.2003.10.003
[4] S. M. Specht and R. B. Lee, “Distributed Denial of Service: Taxonomies of Attacks, Tools, and Countermeasures,” Proceedings of the International Workshop on Security in Parallel and Distributed Systems, San Francisco, 15-17 September 2004, pp. 543-550.
[5] A. Mishra, B. B. Gupta and R. C. Joshi, “A Comparative Study of Distributed Denial of Service Attacks, Intrusion Tolerance and Mitigation Techniques,” European Intelligence and Security Informatics Conference, EISIC 2011, 12-14 September 2011, pp. 286, 289.
[6] T. Kitten, “DDoS: Lessons from Phase 2 Attacks,” 2013. http://www.bankinfosecurity.com/ddos-attacks-lessons-from-phase-2-a-5420/op-1
[7] A. ALmomani, T.-C. Wan, B. B. Gupta, A. Altaher, E. A. Lmomani and S. Ramadass, “A Survey of Phishing Email Filtering Techniques,” IEEE Communications Surveys & Tutorials, Vol. PP, No. 99, 2013, pp. 1-21.
[8] S. Zargar, J. Joshi and D. Tipper, “A Survey of Defense Mechanisms against Distributed Denial of Service (DDoS) Flooding Attacks,” Communications Surveys & Tutorials, IEEE, Vol. PP, No. 99, 2013, pp. 1-24. doi:10.1109/SURV.2013.031413.00127
[9] K. Zetter, “Lazy Hacker and Little Worm Set off Cyberwar Frenzy,” 2009. http://www.wired.com/threat level/2009/07/mydoom/
[10] L. Greenemeier, “Estonian Attacks Raise Concern over Cyber “Nuclear Winter”,” Information Week, 2007. http://www.informationweek.com/ estonian-attacks-raise- concern-over-cybe/199701774
[11] J. Vijayan, “Mydoom Lesson: Take Proactive Steps to Prevent DDoS Attacks,” 2004. http://www.computerworld.com/s/article/89932/Mydoom_lesson_Take_proactive_steps_to_ prevent_DDoS_ attacks?%20taxonomyId=017
[12] “Powerful Attack Cripples Internet,” 2002. http://www.greenspun.com/bboard/q-and-a-fetch-msg.tcl msgid=00A7G7
[13] Yahoo on Trail of Site Hackers,” Wired.com, 2000. http://www.wired.com/techbiz/ media/news/2000/02/34221
[14] S. Garfinkel and G. Spafford, “Practical Internet and UNIX Security,” O’Reilly Media, 1996
[15] “CERT Advisory: SYN Flooding and IP Spoofing Attacks,” CERT® Coordination Center Software Engineering Institute, Carnegie Mellon, 2010. http://www.cert.org/advisories/CA-1996-21.html
[16] CERT, “Tech Tips: Denial of Service Attacks,” CERT® Coordination Center Software Engineering Institute, Carnegie Mellon, 2010. http://www.cert.org/tech_tips/denial_of_service.html
[17] “Notable Hacks,” PBS Frontline, 2010. http://www.pbs.org/wgbh/ pages/frontline/shows/hackers/ whoare/notable.html
[18] K. J. Houle, G. M. Weaver, N. Long and R. Thomas, “Trends in Denial of Service Attack Technology,” CERT? Coordination Center, 2001.
[19] N. Schactman, “Wage Cyberwar against Hamas, Surrender Your PC,” Wired: Danger Room Blog, 2009.
[20] P. Wilkinson, “Briton’s Software a Surprise Weapon in Iran Cyberwar,” Cable News Network, Atlanta, 2009.
[21] B. Martin, “Have Script, Will Destroy (Lessons in DoS),” 2000. http://attrition.org/~jeri cho/works/security/dos.html
[22] X. Wang and M. Reiter, “WRAPS: Denial-of-Service Defense through Web Referrals,” Proceedings of the 25th IEEE Symposium on Reliable Distributed Systems, (SRDS’06), Leeds, 2-4 October 2006, pp. 51-60.
[23] R. Mackey, “‘Iranian Cyber Army’ Strikes Chinese Website,” New York Times Lede Blog, 2011.
[24] D. Kravetz, “Anonymous Unfurls ‘Operation Titstorm’,” Wired Threat Level Blog, 2010.
[25] J. Nazario, “Politically Motivated Denial of Service Attacks,” Arbor Networks, 2009.
[26] DDoS-for-Hire Service Is Legal and Even Lets FBI Peek in, Says a Guy with an Attorney,” 2012. http://www.ddosdefense.net
[27] “Internet Creaks Following Cyber Attack on Spamhaus,” 2013. http://www.cbronline.com/ news/security/internet-slows- down-following-ddos-attack-on-spamhaus-280313
[28] T. Kitten, “2 More Banks Are DDoS Victims,” 2012. http://www.bankinfosecurity.com/2-more-banks-are-ddos-victims-a-5298
[29] T. Kitten, “DDoS Strikes American Express,” 2013. http://www.bankinfosecurity.com/american-express-a-5645
[30] “iMessage DDoS Attacks Foreshadow a Bigger Threat,” 2013. http://soshitech.com/2013/04/01/ imessage-ddos-attacks-fore shadow-a-bigger-threat/
[31] J. Kirk, “Mt. Gox under Largest DDoS Attack as Bitcoin Price Surges,” 2013. http://www.computerworld.com/s/article/9238118/Mt._Gox_under_largest_DDoS_ attack_as_bitcoin_ price_surges
[32] “Mstream Distributed Denial of Service Tool (Zombie Detected) (DdosMstreamZombie),” 2013. http://www.iss.net/security_center/reference/vuln/ddos-mstream-zombie.htm
[33] N. McAllister, “GoDaddy Stopped by Massive DDoS Attack,” 2012. http://www.theregister.co. uk/2012/09/10/godaddy_ddos_attack/
[34] E. Alomari, S. Manickam, B. B. Gupta, S. Karuppayah and R. Alfaris, “Botnet-Based Distributed Denial of Service (DDoS) Attacks on Web Servers: Classification and Art,” International Journal of Computer Applications, Vol. 49, No. 7, 2012, pp. 24-32.
[35] B. B. Gupta, M. Misra and R. C. Joshi, “FVBA: A Combined Statistical Approach for Low Rate Degrading and High Bandwidth Disruptive DDoS Attacks Detection in ISP Domain,” 16th IEEE International Conference on Networks, 12-14 December 2008, New Delhi, pp. 1-4.
[36] J. Lo, et al., “An IRC Tutorial,” 1997. http://www.irchelp.org/irchelp/irctutorial.html#part1
[37] D. Dittrich, “The Tribe Flood Network Distributed Denial of Service Attack Tool,” University of Washington, Seattle, 1999. http://staff.washington.edu/dittrich/misc/tfn.analysis.txt
[38] J. Barlow and W. Thrower, “TFN2K—An Analysis,” Axent Security Team, 2000. http://security.royans.net/ info/posts/bugtraq_ddos2.shtml
[39] D. Dittrich, “The Stacheldraht Distributed Denial of Service Attack Tool,” University of Washington, Seattle, 1999. http://staff.washington.edu/dittrich/misc/stacheldraht.analysis.txt
[40] D. Dittrich, S. Dietrich and N. Long, “An Analysis of the ‘Shaft’ Distributed Denial of Device Tool,” USENIX Systems Administration Conference, March 2000. http://www.soscholar.net/detail?paper_id=2bb7f2f9-2ed7- 3422-78d2-e938aaaf44af
[41] F. Freiling, et al., “Botnet Tracking: Exploring a RootCause Methodology to Prevent Distributed Denial-ofService Attacks,” Computer Security-ESORICS 2005, Milan, 12-14 September 2005, pp. 319-335.
[42] Z. S. Zhu, G. H. Lu, Y. Chen, Z. Fu, P. Roberts and K. Han, “Botnet Research Survey,” 32nd Annual IEEE International Conference on Computer Software and Applications, COMPSAC’08, Turku, 28 July-1 August 2008, pp. 967, 972.
[43] P. Negi, A. Mishra and B. B. Gupta, “Enhanced CBF Packet Filtering Method to Detect DDoS Attack in Cloud Computing Environment,” International Journal of Computer Science Issues, Vol. 10, No. 1, 2013, pp 142-146.
[44] X. Geng and A. B. Whinston, “Defeating distributed denial of Service Attacks,” IEEE IT Professional, Vol. 2, No. 4, 2000, pp. 36-42. doi:10.1109/6294.869381
[45] T. M. Gil and M. Poletto, “Multops: A Data-Structure for Bandwidth Attack Detection,” Proceedings of the 10th USENIX Security Symposium, Washington DC, 2001, pp. 23-38.
[46] J. Li, J. Mirkovic, M. Wang, P. Reiher and L. Zhang, “SAVE: Source Address Validity Enforcement Protocol,” 21st Annual Joint Conference of the IEEE Computer and Communications Societies, New York, 23-27 June 2002, pp. 1557-1566.
[47] B. Bencsath and I. Vajda, “Protection against DDoS Attacks Based on Traffic Level Measurements,” Proceedings of the Western Simulation Multi Conference, San Diego, 2004, pp. 22-28.
[48] B. B. Gupta, M. Misra and R. C. Joshi, “An ISP Level Solution to Combat DDoS Attacks Using Combined Statistical Based Approach,” International Journal of Information Assurance and Security, Vol. 3, No. 2, 2008, pp. 102-110.
[49] Y. Chen, K. Hwang and W. Ku, “Collaborative Detection of DDoS Attacks over Multiple Network Domains,” IEEE Transaction on Parallel and Distributed Systems, Vol. 18, No. 12, 2007, pp. 1649-1662.
[50] L. Feinstein, D. Schnackenberg, R. Balupari and D. Kindred, “Statistical Approaches to DDoS Attack Detection and Response,” Proceedings of DARPA Information Survivability Conference and Exposition, Washington DC, 22-24 April 2003, pp. 303-314.
[51] A. Lakhina, M. Crovella and C. Diot, “Mining Anomalies Using Traffic Feature Distributions,” ACM SIGCOMM Computer Communication Review, Vol. 35, No. 4, 2005, pp. 217-228. doi:10.1145/1090191.1080118
[52] K. Hwang, M. Cai, Y. Chen and M. Qin, “Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes,” IEEE Transaction on Dependable and Secure Computing, Vol. 4, No. 1, 2007, 41-55. doi:10.1109/TDSC.2007.9
[53] J. Mirkovic and P. Reiher, “A Taxonomy of DDoS Attack and DDoS Defense Mechanisms,” ACM SIGCOMM Computer Communications Review, Vol. 34, No. 2, 2004, pp. 39-53. doi:10.1145/997150.997156
[54] S. Savage, D. Wetherall, A. Karlin and T. Anderson, “Practical Network Support for IP Traceback,” Proceedings of ACM SIGCOMM, Stockholm, 2000, pp. 295-306.
[55] A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, S. T. Kent and W. T. Strayer, “Hash-Based IP Traceback,” Proceedings of ACM SIGCOMM, San Diego, 2001, pp. 3-14.
[56] S. Bellovin, M. Leech and T. Taylor, “ICMP Traceback Messages,” 2001. Internet draft: draft-ietf-itrace-01.txt
[57] D. Dean, M. Franklin and A. Stubblefield, “An Algebraic Approach to IP Traceback,” ACM Transactions on Information and System Security, Vol. 5, No. 2, 2002, pp. 119-137. doi:10.1145/505586.505588
[58] Y. Manzano, “Tracing the Development of Denial of Service Attacks: A Corporate Analogy,” 2003. http://www.acm.org/crossroads/xrds10-1/tracingDOS.html
[59] A. Belenky and N. Ansari, “IP Traceback with Deterministic Packet Marking,” IEEE Communication Letter, Vol. 7, No. 4, 2003, pp. 162-164. doi:10.1109/LCOMM.2003.811200
[60] C. Papadopoulos, R. Lindell, J. Mehringer, A. Hussain, and R. Govindan, “COSSACK: Coordinated Suppression of Simultaneous Attacks,” Proceedings of the DARPA Information Survivability Conference and Exposition, Vol. 2, Washington DC, 22-24 April 2003, pp. 2-13. doi:10.1109/DISCEX.2003.1194868
[61] J. Mirkovic, G. Prier and P. Reiher, “Attacking DDoS at the Source,” 10th IEEE International Conference on Network Protocols, Paris, 12-15 November 2002, pp. 312-321.
[62] S. Floyd, S. Bellovin, J. Loannidis, K. Kompella, R. Mahajan and V. Paxson, “Pushback Messages for Controlling Aggregates in the Network,” 2001. draft-floyd-pushback- messages-00.txt
[63] D. G. Andersen, H. Balakrishnan, M. F. Kaashoek and R. Morris, “Resilient Overlay Networks,” In Proceedings of 18th ACM SOSP, Banff, Canada, 2001, pp. 131-145.
[64] R. B. Lee, “Taxonomies of Distributed Denial of Service Networks, Attacks, Tools and Countermeasures,” Princeton University, Princeton, 2003. http://www.princeton.edu/ee/
[65] R. Bush, D. Karrenberg, M. Kosters and R. Plzak, “Root Name Server Operational Requirements,” RFC Editor, United States, BCP 40, RFC 2870, June 2000.
[66] S. Floyd and V. Jacobon, “Random Early Detection Gateways for Congestion Avoidance,” IEEE/ACM Transactions on Networking, Vol. 1, No. 4, 1993, pp. 397-413. doi:10.1109/90.251892
[67] S. Floyd and K. Fall, “Promoting the Use of End-to-End Congestion Control in the Internet,” IEEE/ACM Transactions on Networking, Vol. 7, No. 4, 1999, pp. 458-472. doi:10.1109/90.793002
[68] A. Demers, S. Keshav and S. Shenker, “Analysis and Simulation of a Fair Queuing Algorithm,” Journal of Internetworking Research and Experience, Vol. 1, No. 1, 1990, pp. 3-26.
[69] P. Mckenny, “Stochastic Fairness Queuing,” 9th Annual Joint Conference of the IEEE Computer and Communication Societies, the Multiple Facets of Integration, Piscataway, 3-7 June 1990, pp. 733-740.
[70] A. Mankin and K. Ramakrishnan, “Gateway Congestion Control Survey,” 1991. http://www.rfc-editor.org/rfc.html
[71] S. M. Khattab, C. Sangpachatanaruk, R. Melhem, D. Mosse and T. Znati, “Proactive Server Roaming for Mitigating Denial of Service Attacks,” 1st International Conference on International Technology: Research and Education, Newark, 2003, pp. 500-504.
[72] Apache Hadoop. http://hadoop.apache.org/
[73] S. Ghemawat, H. Gobio and S.-T. Leung, The Google File System,” ACM SIGOPS Operating Systems Review, Vol. 37, No. 5, 2003, pp. 29-43.
[74] K. V. Shvachko, “HDFS Scalability: The Limits to Growth,” USENIX, Vol. 35, No. 2, 2010, pp. 6-16.
[75] Y. Lee, W. Kang and Y. Lee, “A Hadoop-Based Packet Trace Processing Tool,” 3rd International Conference on Traffic Monitoring and Analysis, Vienna, 27 April 2011, pp. 51-63. doi:10.1007/978-3-642-20305-3_5
[76] T. White, “Hadoop: The Definitive Guide,” O’Reilly Media, Yahoo! Press, New York, 2009.
[77] Q. Chen, D. Q. Zhang, M. Y. Guo, Q. N. Deng and S. Guo, “Samr: A Self-Adaptive Mapreduce Scheduling Algorithm in Heterogeneous Environment,” International Conference on Computer and Information Technology, Bradford, 29 June-1 July 2010, pp. 2736-2743.

Copyright © 2023 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.