This article analyzes distributed denial-of-service (DDoS) cyberattacks and develops a classification of them. The shortcomings and vulnerabilities of distributed denial-of-service attacks are described by category. An implementation diagram with examples is presented for each category of attack. The number of attacks carried out by attackers is analyzed, along with their purpose and the type of attack used. According to the results of the study, UDP flood (53.64%) is the attack type most commonly used by attackers in distributed attacks, and GRE flood (1.41%) is the least used. Distributed denial-of-service attacks are a major concern for security experts. This paper may help researchers and cybersecurity experts better understand present-day distributed denial-of-service attack tools.
No. | Author name | Position | Organization |
---|---|---|---|
1 | Kadirov M.M. | Doctor of Philosophy (PhD) in Technical Sciences, Associate Professor of the Department of Information Technologies | Tashkent State Technical University named after Islam Karimov |