CSI6199 Cyber Security: DDoS Attack Analysis & Mitigation ECU


Added on  2023/04/11

AI Summary
This report delves into Distributed Denial of Service (DDoS) attacks, a significant cybersecurity threat, focusing on the operation, impact, and mitigation of these attacks. It begins by defining DDoS attacks and their mechanisms, highlighting how attackers flood networks with unwanted requests, disrupting user access and potentially leading to extortion. The report details the application layer of DDoS attacks, emphasizing the stealing of credentials and accessing databases. It also discusses various types of DDoS attacks, with a specific focus on DNS flooding attacks, using the 2016 Dyn attack as a real-world example. The analysis includes the Mirai botnet's role in the Dyn attack, its impact on major platforms, and the malware's mechanisms. Furthermore, the report outlines preventive measures to combat botnets and enhance network security. It concludes by emphasizing the need for continuous software updates, strong firewalls, and proactive incident response planning to mitigate the evolving threat of DDoS attacks and protect against data loss and financial damage.
Running head: CONTEMPORARY CYBER SECURITY ISSUES
Contemporary Cyber Security Issues
Name of the student:
Name of the university:
Author note:
Abstract
The report is prepared to discuss the major types of distributed denial of service
attacks that are taking place in the era of cyber threats. One example of such an attack
that has been reported in the real world, leading to major disruption of systems, is
presented. The later part of the report focuses on the impact of that real-world attack,
and based on it some preventive measures are also set out in the report.
Table of Contents
Introduction
Operation of the attack in the real world
Real world example of DNS flooding attack
Impact of the attack
Actions taken against the attack
Conclusion
References
Introduction:
Distributed denial of service attack is one of the major types of cyber attack and is
gradually making up the majority of cyber security threats. The attack is done mainly by
flooding the network or server with traffic that has explicit characteristics. The attack
is identified when the attacked network is flooded with unwanted requests, which take over
the whole system and cause disturbance in the network (Wang et al., 2015). Thus, a
distributed denial of service attack prevents users from accessing the sites or networks,
and as a result the intended website delivers a bad customer service experience. The flood
of network traffic can consist of unwanted incoming messages or fake packets (Bhuyan,
Bhattacharyya & Kalita, 2015). An extortion threat of a distributed denial of service
attack may also cause a company to pay the ransom demanded by the hacker. Hackers
generally perform this attack to divert the attention of the targeted organisation, or to
inject a malicious virus into the software used by the targeted organisation in order to
steal data from the company’s database. Almost all organisations are on the target list of
distributed denial of service attacks. The after-effects of the attack are very dangerous
for all sorts of organisations. The majority of data breaches may occur due to the attack,
causing loss of important credentials, and it may even lead to financial damage for
smaller organisations. The following report discusses the major types of distributed
denial of service attack that may occur in the real world, with a detailed study of how
the attack operates.
Operation of the attack in the real world:
A distributed denial of service attack may look like many non-malicious events that
lead to availability issues, such as slowed-down servers or systems, or even the
cutting of cables. The application layer of the DDoS attack is meant for
specific targeted purposes, which include stealing important credentials and accessing the
database. The attack requires few resources to carry out successfully. An attack on a
specific network may often disrupt that network, causing problems with retrieving
information or running searches on the targeted website (Lim et al., 2014). Attackers who
are trying to perform a distributed denial of service attack can do so with the assistance
of a solitary machine, as this gives them much easier execution and monitoring. In such
cases it becomes much more difficult for security officials to mitigate the attack, as it
is difficult to point out the main culprit behind it. The most common means of performing
this attack is to make web services unavailable by simply bringing down the performance of
the targeted machine. Hackers generally follow this principle to perform a successful
distributed denial of service attack. Another method of launching this attack is to
transmit undivided packets to servers, which become unable to handle them at the same time
(Deshmukh & Devadkar, 2015). When this method of attack is supported by botnets, the rate
of damage to the system increases, and it becomes difficult to work out mitigating
procedures for the attack. Distributed denial of service attacks are of various kinds,
such as the ping of death, reflected attack, tear drop attack, mail bomb attack, NTP
amplification attack, session attack, misused application attack, UDP flooding attack,
media data flood attack and the DNS flooding attack. Among all these attacks, the most
common and famous attack that has taken place in the history of cyber threats is the DNS
flooding attack.
Figure 1: Showing operation of Distributed denial of service attack
Real world example of DNS flooding attack:
Among the various DDoS attacks that have taken place in the world, one of the most famous
is the Mirai DDoS attack, also known as the 2016 Dyn attack (Kolias et al., 2017). The
attack took place on October 21st 2016. Dyn is an innovator in DNS and a front-runner in
cloud set-up. According to the website dyn.com, since 2001, corporations from startups to
initiatives have used Dyn’s creation leading achieved DNS and correspondence delivery
facilities to safeguard their website circulation and vital customer infrastructures so
that they get transported sooner, more securely and more consistently than ever. On
October 21st 2016, Dyn, one of the biggest DNS server companies operating across the
world, was hit by a cyber-attack that crippled internet service and computers in the
United States and across the globe. The attack was launched through a record number of DNS
lookup requests from several IP addresses. The requests came from a botnet which
infected a large number of internet-connected devices, which were affected by the Mirai
malware. The attack shut out most users around the world because major platforms like
Twitter, Netflix and AWS were affected. The Mirai malware used in the attack is basically
a script-based malware that had been released on the internet before the attack took
place. The attack was performed by launching a botnet. The Mirai malware launched an
IoT-based botnet which included regular home-based devices instead of mere computer
systems (Angrishi, 2017). The hackers in this case targeted not a company but a domain
name service provider. The Mirai malware that carried out the entire attack consisted of
two main mechanisms: one is the virus itself and the other is the command and control
center (CNC) (Antonakakis et al., 2017). The virus containing the attack vector is
launched with a scanner process to seek out device components (Trapeznikov, 2018). The CNC
controls the entire botnet by sending instructions to launch one of the attacks on the
targeted victim’s system. The scanner then runs in the bot, using the Telnet protocol to
try to log in to randomly chosen IP addresses. The CNC, on the other hand, provides a
command-line interface that allows the attacker to specify a vector and the duration of
the attack.
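The Telnet scanning behaviour described above leaves a recognisable trace on the network an infected device sits in: one source contacting many distinct addresses on the Telnet port in a short time. The following is an added example, not part of the original report, that flags such sources; the flow-record layout, the addresses and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow records: (epoch_seconds, src_ip, dst_ip, dst_port).
# 10.0.0.23 stands in for an infected camera probing random addresses on Telnet.
SAMPLE_FLOWS = (
    [(1000 + i, "10.0.0.23", f"198.51.100.{i}", 23) for i in range(1, 41)]
    + [(1005, "10.0.0.7", "192.0.2.10", 23),      # admin using one Telnet host
       (1010, "10.0.0.7", "192.0.2.10", 23),
       (1020, "10.0.0.9", "203.0.113.5", 443),    # ordinary HTTPS traffic
       (1030, "10.0.0.9", "203.0.113.6", 443)]
)

def find_telnet_scanners(flows, window=60, min_targets=20, ports=(23,)):
    """Return {src_ip: max distinct Telnet destinations seen in any window}.

    A source is reported only if it contacted at least `min_targets`
    distinct destinations on `ports` within `window` seconds.
    """
    per_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port in ports:
            per_src[src].append((ts, dst))

    scanners = {}
    for src, events in per_src.items():
        events.sort()
        counts = defaultdict(int)   # dst -> occurrences inside current window
        start = 0
        best = 0
        for ts, dst in events:
            counts[dst] += 1
            # Slide the left edge until the window spans less than `window` seconds.
            while ts - events[start][0] >= window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= min_targets:
            scanners[src] = best
    return scanners

if __name__ == "__main__":
    for src, n in find_telnet_scanners(SAMPLE_FLOWS).items():
        print(f"{src}: {n} distinct Telnet targets within 60 s")
```

The administrator's repeated sessions to a single host are not reported, because the check counts distinct destinations rather than connections.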
Impact of the attack:
The attack comprised 600 gigabits per second directed at Dyn's service and led to
blackouts for websites across the entire United States. Though the most affected areas
were the eastern and western seaboards, the impact of the attack was felt all over the
globe. The attack began at about 7 am and was resolved by 9:20 am. As soon as the attack
was reported, internet users started facing difficulties in accessing various websites
(Djedjig et al., 2017). The attack caused major outages to popular sites including
Twitter, SoundCloud, Spotify and Shopify.
Actions taken against the attack:
Some of the preventive measures that need to be adopted in order to prevent future
botnet attacks are as follows:
1. Devices need to have advanced protection features.
2. Implementing the Corero SmartWall Threat Defense System (Stevanovic, 2016).
3. Implementing a device authentication system (Van Trung et al., 2015).
4. Considering limiting the capabilities of devices.
5. Strong authentication should be used for administrators and services that are using the
system (Guo & Heidemann, 2018).
6. Ensuring firmware updates.
7. Regular monitoring of networks.
8. An incident response plan should be developed by those organizations which are
on the list of targets of botnet attacks.
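For the network monitoring measure, the added example below (not part of the original report) shows why a DNS flood coming from many addresses has to be detected on aggregate volume: every source stays under a per-client limit while the bucket total is far above baseline. The log format, addresses and thresholds are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Assumed log format (constructed): "<epoch> client <ip>#<port> query: <name> IN <type>"
LINE_RE = re.compile(r"^(\d+) client (\S+)#\d+ query: (\S+) IN (\S+)$")

def make_sample_log():
    """Build a constructed query log: six quiet 10 s buckets, then one flood."""
    lines = []
    for bucket in range(6):                 # baseline: 5 clients x 2 queries
        for c in range(5):
            for q in range(2):
                ts = 1000 + bucket * 10 + q
                lines.append(f"{ts} client 192.0.2.{c + 1}#5300 query: www.example.com IN A")
    prefixes = ("198.51.100", "203.0.113")  # documentation address ranges
    for s in range(300):                    # flood: 300 sources x 3 queries
        ip = f"{prefixes[s // 150]}.{s % 150 + 1}"
        for q in range(3):
            lines.append(f"{1060 + q} client {ip}#4000 query: www.example.com IN A")
    return lines

def detect_floods(lines, bucket_s=10, factor=10, per_source_limit=5):
    """Return buckets whose total query count exceeds factor x the median bucket."""
    totals = Counter()
    by_src = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                        # ignore lines that are not query records
        bucket = int(m.group(1)) // bucket_s * bucket_s
        totals[bucket] += 1
        by_src[bucket][m.group(2)] += 1
    if not totals:
        return []
    baseline = median(totals.values())
    alerts = []
    for bucket in sorted(totals):
        if totals[bucket] > factor * baseline:
            # Sources that a per-client rate limit alone would have caught.
            noisy = sum(1 for n in by_src[bucket].values() if n > per_source_limit)
            alerts.append({"bucket": bucket, "queries": totals[bucket],
                           "sources": len(by_src[bucket]), "over_source_limit": noisy})
    return alerts

if __name__ == "__main__":
    for alert in detect_floods(make_sample_log()):
        print(alert)
```

On the constructed log the flood bucket is reported with `over_source_limit` equal to zero, which is the case a per-client rate limit on its own would miss.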
Conclusion:
Thus, from the above report it can be concluded that the distributed denial of service
attack is taking away the majority of organisations' credentials by launching different
types of attack vectors. In this type of attack, computers get infected by malicious
software or emails via social media. The attack is mainly performed to shut down the
network accessibility of the targeted machine by flooding it with traffic or by sending
information that triggers the crashing of the network. In both cases, the distributed
denial of service attack prevents users from accessing the websites and in the meantime
tries spoofing the IP addresses. High-profile organisations are often targeted by the
distributed denial of service attack. The attack not only results in the loss of
important information, but the hacker performing it also gets hold of the important
assets that are present within the business organization. In future, the possibility of
distributed denial of service attacks is very high due to the rise of competition among
business organisations in the market. With the advancement of technology, modern-day
software systems will open up the possibility of distributed denial of service attacks
from the user's interface alone. In future it may often lead to the locking up of
government sites as well, contributing to a major loss of public data. As discussed, the
distributed denial of service attack may go on for hours, which in future may lead to
massive corruption of the financial data of users or organisations and may even lead to
the fall of the enterprise. So, in order to mitigate the attack in future, software
systems need to be updated frequently with the latest security patches, and updated
versions of firewalls need to be installed to serve as the first wall of defense against
this attack.
References:
Angrishi, K. (2017). Turning internet of things (iot) into internet of vulnerabilities (iov): Iot
botnets. arXiv preprint arXiv:1702.03681.
Antonakakis, M., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J., ... & Kumar,
D. (2017). Understanding the Mirai botnet. In 26th USENIX Security Symposium
(USENIX Security 17) (pp. 1093-1110).
Bhuyan, M. H., Bhattacharyya, D. K., & Kalita, J. K. (2015). An empirical evaluation of
information metrics for low-rate and high-rate DDoS attack detection. Pattern
Recognition Letters, 51, 1-7.
Deshmukh, R. V., & Devadkar, K. K. (2015). Understanding DDoS attack & its effect in
cloud environment. Procedia Computer Science, 49, 202-210.
Djedjig, N., Romdhani, I., Tandjaoui, D., & Medjek, F. (2017). Trust-Based Defence Model
Against MAC Unfairness Attacks for IoT. ICWMC, 2017, 127.
Guo, H., & Heidemann, J. (2018, August). IP-based IoT device detection. In Proceedings of
the 2018 Workshop on IoT Security and Privacy (pp. 36-42). ACM.
Kolias, C., Kambourakis, G., Stavrou, A., & Voas, J. (2017). DDoS in the IoT: Mirai and
other botnets. Computer, 50(7), 80-84.
Lim, S., Ha, J., Kim, H., Kim, Y., & Yang, S. (2014, July). A SDN-oriented DDoS blocking
scheme for botnet-based attacks. In 2014 Sixth International Conference on
Ubiquitous and Future Networks (ICUFN) (pp. 63-68). IEEE.
Stevanovic, D. (2016). Denial of Service in Web-Domains: Building Defenses Against Next-
Generation Attack Behavior.
Trapeznikov, E. V. (2018, April). Information security system quality assessment through the
intelligent tools. In Journal of Physics: Conference Series (Vol. 998, No. 1, p.
012037). IOP Publishing.
Van Trung, P., Huong, T. T., Van Tuyen, D., Duc, D. M., Thanh, N. H., & Marshall, A.
(2015, October). A multi-criteria-based DDoS-attack prevention solution using
software defined networking. In 2015 International Conference on Advanced
Technologies for Communications (ATC) (pp. 308-313). IEEE.
Wang, B., Zheng, Y., Lou, W., & Hou, Y. T. (2015). DDoS attack protection in the era of
cloud computing and software-defined networking. Computer Networks, 81, 308-319.