Detection
Denial of Service (DoS) attacks manipulate standard communication protocols. Despite having multiple variations, each attack follows a predictable pattern, providing system administrators and cybersecurity professionals an indication of an ongoing attack.
 |  |
 |  |
Prevention
Below you see the end results of the LEACH algorithm that will be further explained in the next section. The graph shows the amount of data that would be sent by a node that is considered compromised. The authors describe the blue line as “the number of transmitted packets by a compromised node in the simulation without considering thresholds”(Mansouri et al., 2015). The viavi observer platform defines thresholds as “values that determine if a statistic is above, below, or within normal range on your network”(n.d.). Or in other words it shows if the values shown are above or below average. The red line describes the information that was being passed during the experiment. Both show a significant decrease in the information being passed once the node is considered compromised.
(Mansouri et al., 2015)
Mitigation
Deepali and Bhushan (2017, p. 310) implemented Cisco’s Fog Computing to combat DoS attacks. This Fog Computing layer increases the capacity of the network by allocating resources to users and starving malicious attackers. Nsaif et. al. (2020) proposes a more reactive approach, with a mitigation algorithm that uses tables of IP address metadata. Their plan is to create a blacklist, greylist and whitelist of IP addresses. The blacklist will hold IP addresses that have been confirmed DDoS attackers. The greylist will contain IP addresses that are “suspicious” (meaning the behavior is erratic). If their suspicious behavior continues then they are removed from the network. The whitelist will be for well-known, high priority or registered users.
