Title: | Distributed denial of service attacks as threat vectors to economic infrastructure: Motives, estimated losses and defense against the HTTP/1.1 GET and SYN floods nightmares |
Author: | Sarga, Libor; Jašek, Roman |
Document type: | Conference paper (English) |
Source document: | Proceedings of the 10th European Conference on Information Warfare and Security. 2011, vol. 2011, p. 228-236 |
ISBN: | 978-1-908272-06-5 |
Abstract: | With the number of nodes in the Internet's backbone networks rising exponentially, the possibility of the emergence of entities exhibiting outwardly hostile intents has been steadily increasing. Cyberspace is fittingly termed "the no man's land" because of an unprecedented growth pattern and lackluster control mechanisms. Distributed Denial of Service (DDoS) attacks take advantage of the current situation and primarily aim at destabilizing or severely limiting the usability of infrastructure to end-users, in part or in whole. A typical DDoS incursion exploiting a heterogeneous base of personal computers consists of two phases: insertion of a predefined set of instructions into the host systems via either self-propagating or non-reproducing malware, and simultaneous execution of repeating queries to a destination unit. Generally targeted and deployed to impede the functionality of a single server or multiple servers with similar properties, and utilizing substantial resources with little to no discernible selection criteria, DDoSes pose a significant threat. Moreover, effective and efficient countermeasures require experience, precision, speed, operational awareness, appropriate security protocols summarizing and alleviating potential consequences in case of failure to contain, as well as proactive detection algorithms in place. Global response instruments (batch filtering, temporary IP address blacklisting) are only suitable for SYN floods, whereas during a GET DDoS the same tools cannot be used due to the presence of legitimate incoming requests. The article scrutinizes the methodology and policies currently in effect as part of Critical Infrastructure Protection initiatives. The examination allows outlining procedural decision-making trees in the event of a DDoS violation while maintaining a predefined and consistent quality of service level.
Furthermore, the rationale of perpetrators' motives to instigate the attacks is hypothesized with preferential focus on economic infrastructure components. These hubs of the virtualized economy are detailed, and target selection probabilities in tactical and strategic perspectives are identified based on known facts. Financial losses, worst-case scenarios and social repercussions following a successful intrusion are also investigated by means of inference from successful DDoS insurgences. |