Anticipating Moves to Prevent Botnet Generated DDoS Flooding Attacks

TL;DR

This paper discusses the importance of early detection and anticipation of botnet-driven DDoS attacks, emphasizing novel approaches to predict attack trends before they fully develop.

Contribution

It provides an overview of methods for anticipating DDoS attack trends early and discusses their advantages and open challenges.

Findings

Early anticipation can improve mitigation effectiveness.

Adaptive botnets pose significant detection challenges.

Various approaches have potential for early DDoS trend prediction.

Abstract

Volumetric Distributed Denial of Service (DDoS) attacks have been a recurrent issue on the Internet. These attacks generate a flooding of fake network traffic to interfere with targeted servers or network links. Despite many efforts to detect and mitigate them, attackers have played a game always circumventing countermeasures. Today, there is an increase in the number of infected devices, even more with the advent of the Internet of Things and flexible communication technologies. Leveraging device-to-device short range wireless communications and others, infected devices can coordinate sophisticated botnets, which can be employed to intensify DDoS attacks. The new generation of botnets is even harder to detect because of their adaptive and dynamic behavior yielded by infected mobile portable devices. Additionally, because there can be a large number of geographically distributed devices, botnets increase DDoS traffic significantly. In face of their new behavior and the increasing volume of DDoS traffic, novel and intelligent-driven approaches are required. Specifically, we advocate for {\em anticipating} trends of DDoS attacks in the early stages as much as possible. This work provides an overview of approaches that can be employed to anticipate trends of DDoS attacks generated by botnets in their early stages and brings an insightful discussion about the advantages of each kind of approach and open issues.