The Impact of Distributed Cyberattacks on the Availability of Internet Services: An Empirical Analysis with DDoSphere
Year 2025, Volume: 3 Issue: 1, 35 - 50, 30.04.2025
Doğukan Öztürk, Ali Aktolun, Miraç Emektar, Fatih Mehmet Harmancı
Abstract
This research aims to examine how DDoS attacks, cyberattacks that bring systems down using heavy traffic originating from different geographical locations, affect network performance. The effects of volumetric, protocol, and application-layer DDoS attacks on the network were examined through simulations, and the way these attacks exhaust systems' processing power and bandwidth was analyzed in detail. The study focuses in particular on how multi-source attacks strain detection and defense systems, and is supported by the DDoSphere simulation tool. The results offer network administrators and cybersecurity experts valuable information for improving network performance and developing more effective defense strategies against DDoS attacks. This study was carried out by Virgosol within the scope of the "DDoS-Based Cyberattack Test Module" project supported by the Scientific and Technological Research Council of Turkey (TÜBİTAK).
Thanks
A summary of this study was presented at the 21st UBAK International Congress of Scientific Research (12-13 October 2024).