A survey and meta-analysis of application-layer distributed denial-of-service attack

摘要

Background One of the significant attacks targeting the application layer is the distributed denial-of-service (DDoS) attack. It degrades the performance of the server by usurping its resources completely, thereby denying access to legitimate users and causing losses to businesses and organizations. Aim This study aims to investigate existing methodologies for application-layer DDoS (APDDoS) attack defense by using specific measures: detection methods/techniques, attack strategy, and feature exploration of existing APDDoS mechanisms. Methodology The review is carried out on a database search of relevant literature in IEEE Xplore, ACM, Science Direct, Springer, Wiley, and Google Search. The search dates to capture journals and conferences are from 2000 to 2019. Review papers that are not in English and not addressing the APDDoS attack are excluded. Three thousand seven hundred eighty-nine studies are identified and streamlined to a total of 75 studies. A quantifiable assessment is performed on the selected articles using six search procedures, namely: source, methods/technique, attack strategy, datasets/corpus, status, detection metric, and feature exploration. Results Based on existing methods/techniques for detection, the results show that machine learning gave the highest proportion with 36%. However, assessment based on attack strategy shows that several studies do not consider an attack form for deploying their solution. Result based on existing features for the APDDoS detection technique shows request stream during a user session and packet pattern gave the highest result with 47%. Unlike packet header information with 33%, request stream during absolute time interval with 12% and web user features 8%. Conclusion Research findings show that a large proportion of the solutions for APDDoS attack detection utilized features based on request stream during user session and packet pattern. The optimization of features will improve detection accuracy. Our study concludes that researchers need to exploit all attack strategies using deep learning algorithms, thus enhancing effective detection of APDDoS attack launch from different botnets.