Present Status of Distributed Denial of Service (DDoS) Attacks in Internet World

Distributed Denial of Service (DDoS) attacks harm digital availability on the Internet. Users expect quick and effective services, and that expectation can be badly hit by DDoS attackers. There are several reports of DDoS incidents that have had devastating effects on users and web services in the Internet world. In the present digital world, dominated by wireless, mobile and IoT devices, the number of users is increasing day by day. Most users are novices, so their devices either fall prey to DDoS attacks or are unknowingly added to the DDoS attack army. We will soon witness the 5G mobile revolution, but there are reports that 5G networks are also falling prey to DDoS attacks; hence, the DoS attack needs to be understood as a threat. This paper assesses the DDoS attack threat, identifies the impact of the attack and reviews existing Indian laws.


Introduction
In any computer system (standalone or distributed), the major security goals are confidentiality, integrity and availability. These are threatened by various attacks, divided into active and passive categories. Attacks that target integrity and availability fall under the active category. Popular techniques in this category include masquerading, modification of messages, repudiation, replay, and Denial of Service (DoS) attacks. Among these, DoS attacks are the ones that target availability, and they are the subject of this paper. A DoS attack is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and web services. Such attacks are not designed to gain access to the systems. Some popular examples include: i) 'Ping of Death', which involves sending a malformed or otherwise malicious ping to a computer. A ping is normally 64 bytes in size. Sending a ping that is larger than the maximum IP packet size can crash the target computer; ii) 'Tear drop', in which forged fragmented packets overlap each other during reassembly at the receiving host and possibly crash it; iii) 'Email-bomb' (a form of net abuse), which consists of sending huge volumes of email to an address in an attempt to overflow the mailbox (Kotey et al., 2019; Yusof et al., 2019). this method to have a greater effect on the target than is possible with a single attacking machine. This attack can easily cause damage to the victim host or network. It can exhaust the computing and communication resources of its victim within a short period of time (Singh, 2008).
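The two malformed-packet conditions described above (a ping larger than the maximum IP packet size, and fragments that overlap during reassembly) can be checked at reassembly time by a receiver or an IDS. The following is an added example, not code from the paper; the `Fragment` record, the finding names and the sample values are constructed, and a 20-byte IP header without options is assumed.

```python
from dataclasses import dataclass

MAX_IP_DATAGRAM = 65535   # maximum IP packet size in bytes
IP_HEADER_LEN = 20        # assumption: IP header without options

@dataclass(frozen=True)
class Fragment:            # hypothetical record for one received fragment
    offset_units: int      # fragment offset field, counted in 8-byte units
    payload_len: int       # data bytes carried after the IP header
    more_fragments: bool   # MF flag: False only on the last fragment

    @property
    def start(self) -> int:
        return self.offset_units * 8

    @property
    def end(self) -> int:
        return self.start + self.payload_len

def check_fragments(frags):
    """Return the sorted findings for the fragments of one datagram."""
    findings = set()
    covered_to = 0  # highest payload byte already claimed by a fragment
    for f in sorted(frags, key=lambda f: (f.start, f.end)):
        # Ping of Death: the reassembled packet would exceed the maximum.
        if IP_HEADER_LEN + f.end > MAX_IP_DATAGRAM:
            findings.add("oversize")
        # Teardrop: this fragment begins inside data already covered
        # (an exact retransmission is reported the same way).
        if f.start < covered_to:
            findings.add("overlap")
        # Every fragment except the last must carry a multiple of 8 bytes.
        if f.more_fragments and f.payload_len % 8:
            findings.add("misaligned")
        covered_to = max(covered_to, f.end)
    return sorted(findings)

# Constructed sample inputs (not captured traffic).
NORMAL = [Fragment(0, 1480, True), Fragment(185, 1480, True),
          Fragment(370, 40, False)]
PING_OF_DEATH = [Fragment(0, 1480, True), Fragment(8189, 1480, False)]
TEARDROP = [Fragment(0, 40, True), Fragment(3, 8, False)]

if __name__ == "__main__":
    for name, frags in [("normal", NORMAL), ("ping of death", PING_OF_DEATH),
                        ("teardrop", TEARDROP)]:
        print(name, check_fragments(frags) or "ok")
```

A reassembler that drops the whole datagram on any finding never builds the oversized or overlapping buffer that these attacks rely on.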

"Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb." - National Research Council, "Computers at Risk", 1991.
Though this statement, made in the seminal 1991 report of the National Research Council, holds for most cyber-attacks, it fits the DDoS attack most appropriately. An attacker hides in the distributed Internet and can harm any system anywhere in the world with a single terminal/keyboard. Hence, the prediction, made approximately 9 years before the first DDoS attack was noticed (in the year 2000), has proved very true (Cyber-attacks batter Web heavyweights, 2000). A lot of water has gone under the bridge since then: DDoS attacks have now entered the terabit age and have a more devastating impact on the target. Hence, it becomes imperative to know and review the present status of these attacks. Figure 1 demonstrates a scenario where the master (the main DDoS attacker) sends control messages (marked in green) through the Internet to control the slaves. The slaves are the ones that unknowingly send attack packets (marked in red) towards the target system. DDoS attacks are a reality, and some of the reasons why they are so frequent in the present Internet world are: 1) personal reasons (possibly revenge), due to which an attacker targets specific computers; 2) prestige, where the attacker tries to gain the respect of the hacker community; 3) material gain, which can be achieved by blackmailing online companies; and 4) political reasons, such as compromising an enemy's resources (Mirkovic and Reiher, 2004; Abliz, 2011; Arora et al., 2011). DDoS attacks are possible because Internet security is highly interdependent. The security of each host depends on the state of security in the rest of the global Internet. As long as any system on the Internet is insecure, the chance of DDoS attacks remains. The attacker may easily slip the attack traffic past a firewall or attack the firewall itself to make it unusable.
Over-provisioning also does not help against DDoS attacks, as the attacker can probably obtain enough resources to overcome any level of over-provisioned resources. Hence, the notion of securing the machines in a network well, using firewalls and over-provisioning servers is of not much use. This is because: 1) Internet resources are limited and there are not enough resources to match the number of users; 2) there is no accountability enforcement in the Internet, and anyone can pretend to be someone else via source address spoofing; 3) control is distributed in the Internet, and every network runs according to its local policies. The cost of a DDoS attack to an attacker is far less than its benefits. The current defenses can only mitigate an attack once it has taken place. An effective defense against it is not visible to date, and the solutions are still in their infancy. Hence, DDoS attacks constitute one of the major threats in today's Internet (Mirkovic et al., 2004; Singh, 2008; Abliz, 2011; Arora, 2011).
The rest of the paper is organized as follows: Section 2 reports the present status of DDoS attacks. Section 3 provides information about the DDoS attack tools that attackers use and that are easily available on the Internet. Section 4 presents DDoS attack cases that have occurred in the past and have raised worries for users. Sections 5 and 6 respectively cover cyber laws in India against DDoS attacks, and issues and concerns against DDoS attacks. Finally, Section 7 provides conclusions.

Present Status
Prominent types of cyber attacks and their brief descriptions are shown in Table 1. DDoS is listed as one among them. As per (Kardon, 2018), cyber crime incurred losses amounting to approximately $400 billion in the year 2015, and this is expected to reach $2 trillion in the year 2019. The statistics of cyber attacks from January to September 2018 reveal that DDoS attacks contributed 3.57% of the various kinds of cyber attacks. The other major shares, greater than that of DDoS attacks, were Malware (35.61%), Vulnerability (6.41%), Targeted Attack (12.61%), Account Hijacking (17.33%) and Unknown Attacks (16.60%) (Hackmageddon, 2019).

Table 1. Prominent types of cyber attacks (Kardon, 2018)

| Attack/concern | Brief description |
|---|---|
| Malware | Software written with malicious intent and designed to damage or control a computing device. A popular kind is ransomware, which encrypts files and later demands a ransom for decrypting them. |
| Phishing | Activity in which users are directed, especially via emails, towards fake websites. The users may give up their passwords and other financial details upon login. |
| Man-in-the-Middle Attacks | The attacker inserts himself between the browser and the web server and is able to obtain useful information on the way. |
| Cross-Site Scripting | Involves insertion of malicious code into a website, which targets the visitor's browser and causes damage. |
| DDoS attacks | An army of compromised computing devices overloads the server with data, resulting in its shutdown or crash. |
| SQL Injection | Refers to corruption of SQL data access that makes the server divulge information such as credit card numbers and user names. |

Verisign's DDoS trends report for Q2 2018 says that 26 percent of DDoS attacks were over 5 Gbps, with an average attack peak size of 5.7 Gbps. According to this report, the largest volumetric DDoS attack peaked at 42 Gbps, while the highest-intensity DDoS attack peaked at 4.7 Mpps. This clearly shows the devastating power of present-day DDoS attacks. Verisign noticed a 35 percent increase in the number of DDoS attacks when comparing Q2 2018 to Q1 2018. As per the findings, User Datagram Protocol (UDP) floods were the most common attack type (Distributed Denial of Service Trends Report, 2019).
Security vendor Symantec's report in the year 2014 found that 26 percent of all DDoS attack traffic in the world originates from a country like India. DDoS attackers favour India because of low cyber security awareness and a lack of adequate security practices and infrastructure. Thus, India is not only affected by DDoS attacks but also provides a hotbed for launching large-scale DDoS attacks on other countries. Unprotected wireless, mobile and Internet of Things (IoT) devices, along with the availability of high-bandwidth networks (4G/5G), have made things worse. Thus, assessment of DoS attacks and protection against them in Indian cyber space is the need of the hour (Symantec, 2014).
The Akamai trends report finds that DDoS attacks are remarkably stable. As per the report, the size of the largest attack (bandwidth) grows by about 9% per quarter, which nets out to doubling every two years. This growth is not continuous: whenever the adversary discovers a new attack method, a new peak size is established. This trend holds even when large-scale DDoS attacks like Mirai and memcached reflection attacks are included (Ellis, 2018).

Major Attack Tools
DDoS attack tools may be classified into 4 broad categories: HTTP packet-generating DDoS attack tools, DoS-only attack tools, mobile attack tools and traditional DDoS attack tools. The first category is the most popular these days, because most devices are online and in working mode most of the time, utilizing HTTP-based protocols.

ministries, newspapers and broadcasters web sites of Estonia. 128 unique DDoS attacks (115 ICMP floods, 4 TCP SYN floods and 9 generic traffic floods) were conducted. The attacker used hundreds or thousands of "zombie" computers and pelted Estonian web sites with thousands of requests a second, boosting traffic far beyond normal levels. Due to the attack, the country's network infrastructure was affected, resulting in damage to routers and associated routing tables, overloading of DNS servers and crashing of mail servers. As the major attack traffic was coming from outside the country, Estonian ISPs concentrated on blocking all foreign traffic to mitigate the DDoS attacks (Arora, 2011; Famous DDoS Attacks, 2019).

DDoS Attack Cases
Estonia, though a small country, is among the leading countries that have adopted IT-based services completely to make the country go paperless. The country has adopted e-governance and e-voting over the last few years. Hence, an attack of such capacity against its IT infrastructure alarmed other nations that are in the initial stages of adopting such mechanisms and raised their attentiveness. This attack was considered the first act of cyber warfare. The reasons for this attack were assumed to be political in nature and were attributed to the political conflict of Estonia with Russia (Famous DDoS Attacks, 2019). (Nandikotkur, 2014; www.moneycontrol.com, 2018).
On May 14th, 2018, a DDoS attack on the railway system in Denmark made it impossible to purchase a ticket via the mobile app, the website, ticket machines or kiosks at the stations, hence posing a real threat in the computer world (www.transportsecurityworld.com, 2018).

Cyber Law in India for DoS Attacks
The In these sections, there is provision of imprisonment for a term up to three years or fine up to Rs. five lakhs (to a dishonest/fraudulent person) or both.
In the latter, Section 66F deals with cyber-terrorism. It may attract life imprisonment.

Issues and Concerns against DDoS attacks
It is clear that technology alone is insufficient to deter cyber threats, and attacks like DDoS will keep troubling users. One way to lessen their extent is to spread awareness, knowledge and understanding of DDoS attacks. Users should be told that their devices and networks may be used to conduct DDoS attacks, so that they deploy preventive measures in their devices and networks. It is very true that attackers are becoming stealthier, smarter and more capable day by day. They are doing so by hiding their tracks better. Different governmental legislation exists in different parts of the world for dealing with DDoS attack cases, which complicates the problem further. Anti-DDoS solutions exist but are too expensive to implement: either a hardware or software upgrade or continuous maintenance is required. Different countries have their own national interests; sometimes they may even favor these attacks in situations of war and enmity. In these attacks, it is ironic that the party actually executing the attack is not the real attacker but only a zombie acting under the control of the hidden principal attacker. Hence, it is difficult to prove who the real attacker is. It is also difficult to prove who was using the computer involved in the attack at a particular instant of time. In these attacks, the consoles are usually located across international boundaries, and hence law enforcement poses a big challenge. In the past, DDoS was considered a nuisance activity conducted by cyber vandals, i.e., it had very few socioeconomic aims. But in the future, due to the high Return on Investment (ROI), destabilization may become the main aim of the attacker instead of attacking particular targets (Abramson, 2016).

Conclusion
Distributed Denial of Service (DDoS) attacks harm digital availability and are a top security threat to service provisioning. Users expect quick and effective services, and that expectation can be badly hit by DDoS attackers. A DDoS attack can easily cause damage to the victim host or network. It can exhaust the computing and communication resources of its victim within a short period of time. The cost of an attack to an attacker is far less than its benefits. Several DDoS attack tools are available, and these are either freely available online or can be purchased for as little as $5 (Cluley, 2016). Also, the source code of these attack tools is often released, so any cyber criminal can build their own botnet army with ease. In this paper, we have presented the major incidents of DDoS attacks in the Internet world till Jan 2019. The data clearly tell us that these attacks are increasing in number, size and devastating power. These attacks have targeted not only popular web services but also digitally advanced countries and heavily provisioned service providers. Thus, these attacks need to be stopped. Had DDoS attacks like the recent ones in Denmark, Sweden and Australia been stopped, catastrophic situations in the pervasive computing environment might have been prevented. It would have helped users maintain service connectivity despite the attacks. Hence, it is concluded that DDoS constitutes one of the alarming security threats in today's Internet world and needs proper attention.