ABSTRACT

In the previous chapters, we provided an extensive presentation of machine learning methods followed by detailed discussions of current state-of-the-art research in DDoS attack detection, prevention, reaction, mitigation, and tolerance. In particular, Chapter 2 is dedicated to the causes, evolution, and classification of DDoS attacks. To practically understand how attackers plan and mount DDoS attacks, in Chapter 7 we discussed the development of a testbed with accompanying tools to launch DDoS flooding attacks of random packet intensity (low-rate to high-rate) using a random number of compromised nodes. Although in past years network security researchers have presented several innovative and practical solutions to detect, protect from, react to, mitigate, and tolerate DDoS attacks, there are still many challenges to overcome to safeguard networks from the growing threat of this sophisticated attack. With the increased complexity of the technology used by intruders to launch attacks and with the continuing evolution of high-speed network technology, we believe that attackers will keep designing more effective attack-launching tools to inflict maximum damage. Our intention is to help improve the know-how of network security researchers and practitioners about design trends in attack tools; our purpose is neither to educate anyone in the design of attack-launching tools themselves nor to teach how to counter DDoS attack mitigation techniques or methods. It is only possible for a defender to protect a network by filtering malicious traffic when the defender has in-depth knowledge of the various ways an attacker can attempt to intrude into the network.

Source IP spoofing is an effective technique used widely by DDoS attackers. Although many researchers deem source IP spoofing to be of low relevance and low usefulness in the context of current botnet-based DDoS attacks, many attackers still prefer to use it because it is inexpensive and effective at the same time, whereas hiring a botnet and managing it properly is costly. Even though ingress and egress filters are considered very effective in filtering traffic with invalid IP addresses, attackers still manage to bypass such protection mechanisms using appropriate source IP spoofing schemes. Thus, providing a foolproof solution against source IP spoofing remains an important research issue.