Distributed frameworks for detecting distributed denial of service attacks: A comprehensive review, challenges and future directions

Abstract

AbstractA distributed denial of service (DDoS) attack is a significant threat to web‐based applications and hindering legitimate traffic (denies access to benign users) by overwhelming the victim system or its infrastructure (service, bandwidth, networking devices, etc.) with a large volume of attack traffic. It leads to a delay in responses or sometimes a crash victim system. Even a few moments of pause in web‐based applications lead to a huge monetary loss and a bad reputation in the market. Several approaches available in the literature to protect websites from different types of DDoS attacks. However, incidents and volume sizes of DDoS attacks are growing quarter by quarter. Further, various challenges in the traditional framework based defense mechanisms: itself becoming a victim of attacks while analyzing a massive amount of traffic, require more time for detection process, no coordination among the modules, etc. This paper presents a comprehensive DDoS defense deployment taxonomy and critically reviewed existing distributed frameworks based DDoS attack detection systems. Further, characterized several existing distributed processing frameworks to select an appropriate one for deploying DDoS attack detection mechanisms. Finally, several evaluation metrics, open issues, discussion on available datasets including their limitations, and future directions are presented.