Distributed Denial of Service Attacks: Detection and Prevention

Availability requires that computer systems function normally without loss of resources to legitimate users. One of the most challenging issues of availability is Denial-of-Service (DoS) attacks. These attacks achieve their goal by sending at a victim a stream of packets that swamps his network or processing capacity denying access to regular clients. Distributed Denial of Service (DDoS) attacks, on the other hand, add the many-to-one dimension to the DoS problem, making the prevention and mitigation of such attacks more difficult and the impact proportionally severe. This book presents a new mechanisms for detecting and preventing both DoS and DDos attacks and Suggesting an architecture to counteract the DoS and DDoS attacks. Therefore, the latest mechanisms that based on the ingress/egress mechanisms have been adopted in this work as the first phase of defense. The second phase is the overlay network used to hide the web server with its three stages: the public server, the access node, and the protected web server. Finally, the book ends with a mechanisms that can be adopted against DoS and DDoS attacks.