Discussion

Detection

Each variation of DoS attack is characterized by a routine attack pattern. Knowing the distinguishing characteristics of each attack is beneficial when implementing active logging procedures and security information and event management (SIEM) software.

Logging can be configured to continuously monitor traffic on the desired ports and services and save the captured packets to a PCAP file (the packet capture format used by Wireshark). Then, using parsing software or command-line utilities (e.g. awk and grep), system administrators and cybersecurity professionals can filter for abnormalities in the traffic and so detect a DoS attack.
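As an added example (not code from the original article), the following Python script applies the filtering step described above to a constructed text export of a capture. It assumes the capture has already been reduced to one line per packet in the form `timestamp src_ip dst_ip dst_port flags` (an assumed format; the article does not specify one), and it flags any source that sends more than a threshold number of TCP SYNs to one port inside a sliding one-second window, the routine pattern of a SYN flood.

```python
"""Rate-based DoS detection over per-packet summary lines.

Added example with constructed input. Assumed line format (not from the
article): `timestamp src_ip dst_ip dst_port flags`, where flags is "S" for a
bare SYN and "A" for an ACK. A source exceeding MAX_SYN_PER_WINDOW SYNs to a
single port within WINDOW_SECONDS is reported with the timestamp at which
the threshold was first crossed.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0
MAX_SYN_PER_WINDOW = 5   # constructed threshold; tune against a measured baseline

# Constructed sample: 10.0.0.9 sends a burst of SYNs to port 80 and never
# completes a handshake; 10.0.0.2 and 10.0.0.3 behave normally.
SAMPLE_LOG = """\
1.00 10.0.0.2 192.0.2.10 80 S
1.01 10.0.0.2 192.0.2.10 80 A
1.10 10.0.0.9 192.0.2.10 80 S
1.12 10.0.0.9 192.0.2.10 80 S
1.15 10.0.0.9 192.0.2.10 80 S
1.18 10.0.0.9 192.0.2.10 80 S
1.20 10.0.0.9 192.0.2.10 80 S
1.22 10.0.0.9 192.0.2.10 80 S
1.30 10.0.0.9 192.0.2.10 80 S
3.00 10.0.0.3 192.0.2.10 443 S
3.01 10.0.0.3 192.0.2.10 443 A
"""


def parse_line(line):
    """Split one summary line into typed fields."""
    ts, src, dst, port, flags = line.split()
    return float(ts), src, dst, int(port), flags


def detect_syn_floods(log_text, window=WINDOW_SECONDS, threshold=MAX_SYN_PER_WINDOW):
    """Return {(src_ip, dst_port): first_timestamp_over_threshold}.

    Only bare SYNs count, so a client that completes handshakes at a normal
    pace is never flagged; timestamps older than `window` are dropped from
    the per-source queue before each comparison.
    """
    recent = defaultdict(deque)   # (src, port) -> timestamps of recent SYNs
    alerts = {}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, src, _dst, port, flags = parse_line(raw)
        if flags != "S":
            continue
        key = (src, port)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) > threshold and key not in alerts:
            alerts[key] = ts
    return alerts


if __name__ == "__main__":
    for (src, port), ts in detect_syn_floods(SAMPLE_LOG).items():
        print(f"possible SYN flood from {src} against port {port} at t={ts}")
```

The same per-source count can be approximated with the awk and grep the article mentions, for instance `grep ' S$' capture.txt | awk '{c[$2]++} END {for (s in c) print c[s], s}' | sort -rn`, but the sliding window is what separates a flood from a busy legitimate client: the latter spreads its connections over time, the former concentrates them.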

Prevention

As technology advances, network administrators and cybersecurity professionals continue to seek new ways to detect, prevent, and mitigate attacks such as Denial of Service. To prevent DoS attacks, an administrator can combine several prevention techniques with detection methods that help against these attacks. For instance, the LEACH algorithm, when applied repeatedly, has shown significant results in both detecting and preventing such attacks. LEACH stands for Low Energy Adaptive Clustering Hierarchy and is more often referred to as a “dynamic clustering protocol” (Mansouri et al., 2015). The algorithm forms groups of nodes; each group is represented by a cluster head, whose role is to collect information from the nodes around it (Mansouri et al., 2015). According to Mansouri et al. (2015), the purpose of running the algorithm repeatedly is to collect information that allows the traffic within each group to be monitored. With this information, any compromised node is blocked or ignored by its surrounding nodes, preventing DoS attacks. Put simply, LEACH works recursively: the first run forms the first set of groups, which report the first set of information about their surroundings; the next run forms larger groups that monitor the information within those larger groups. If the traffic a node sends is higher than normal, the node is considered “compromised” and is later blocked or ignored. In addition, Andres and Kenyon (2004) recommend some simpler steps: keep the network up to date, and use Quality of Service to keep users from sending large amounts of traffic while the network is under attack. With these techniques one can focus on building a stronger network that prevents these attacks.
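The recursive grouping the paragraph describes is easier to follow with a small model. The Python below is an added example, not the LEACH protocol itself and not code from Mansouri et al.: nodes are grouped, each group's head compares every member's traffic with the group median, the heads are then grouped again at the next level with their aggregated totals, and anything more than `factor` times the median at any level is marked compromised and excluded from the totals passed upward. Node names, traffic volumes, the fixed group size and the head-selection rule (first node of each group; real LEACH rotates heads) are all constructed assumptions.

```python
"""Simplified hierarchical cluster monitoring in the spirit of the LEACH
description above. Added example; the protocol details are assumptions,
and all node ids and traffic volumes are constructed."""
from statistics import median


def cluster(node_ids, size):
    """Split an ordered list of node ids into consecutive groups of `size`."""
    return [node_ids[i:i + size] for i in range(0, len(node_ids), size)]


def flag_outliers(counts, factor):
    """Nodes in one group whose volume exceeds factor * the group's median."""
    base = median(counts.values())
    return {n for n, v in counts.items() if v > factor * base}


def hierarchical_monitor(traffic, group_size=3, factor=3.0):
    """Run the group check at each clustering level until one head remains.

    traffic: dict node_id -> traffic volume (constructed units).
    Returns (set of compromised node ids, number of levels run). When a head
    is flagged at a higher level, every node it represents is blocked, which
    is how a group of moderately loud nodes is caught even though no single
    member stood out inside its own group.
    """
    compromised = set()
    represents = {n: {n} for n in traffic}   # what each (head) id stands for
    volume = dict(traffic)
    levels = 0
    while len(volume) > 1:
        levels += 1
        next_volume, next_represents = {}, {}
        for group in cluster(sorted(volume), group_size):
            counts = {n: volume[n] for n in group}
            flagged = flag_outliers(counts, factor)
            for n in flagged:
                compromised |= represents[n]
            head = group[0]   # assumed deterministic head choice
            # Head reports only the traffic of members that were not blocked.
            next_volume[head] = sum(v for n, v in counts.items() if n not in flagged)
            next_represents[head] = set().union(*(represents[n] for n in group))
        volume, represents = next_volume, next_represents
    return compromised, levels


# Constructed scenario 1: one node floods while the rest are quiet.
SINGLE_FLOODER = {"n1": 100, "n2": 120, "n3": 90,
                  "n4": 110, "n5": 5000, "n6": 100,
                  "n7": 110, "n8": 100, "n9": 95}

# Constructed scenario 2: three neighbours are each only 4x normal, so none
# is an outlier within its own group; their head is caught at level 2.
COORDINATED_GROUP = {"n1": 100, "n2": 120, "n3": 90,
                     "n4": 400, "n5": 420, "n6": 410,
                     "n7": 110, "n8": 100, "n9": 95}

if __name__ == "__main__":
    for name, scenario in (("single flooder", SINGLE_FLOODER),
                           ("coordinated group", COORDINATED_GROUP)):
        blocked, levels = hierarchical_monitor(scenario)
        print(f"{name}: blocked {sorted(blocked)} after {levels} levels")
```

The second scenario is the reason the paragraph stresses running the algorithm repeatedly: at the first level the group n4, n5, n6 looks uniform, and only when its head reports a combined 1230 against neighbouring heads reporting about 310 does the excess become visible.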

Mitigation

When mitigating Denial of Service attacks, the goal is to lessen the impact on legitimate users. Most people propose increasing network capacity: a larger network should be able to absorb the strain of a DoS attack. Yet that approach only delays the inevitable. Others suggest weeding out the malicious users, but what if there are millions of malicious users on the network? How long would it take to filter them out?