Denial-of-service Attack

What Is Denial-of-service Attack?

A denial-of-service (DoS) attack is a deliberate attempt to make a computer system, network, or online service unavailable to its intended users by overwhelming it with malicious traffic, exploiting protocol vulnerabilities, or exhausting its computational resources. Unlike intrusion attacks that aim to steal or modify data, a DoS attack's primary objective is disruption: preventing legitimate users from accessing services, processing transactions, or maintaining communications. When the attack originates from multiple coordinated sources simultaneously, it is termed a distributed denial-of-service (DDoS) attack. DDoS attacks are typically far more difficult to defend against than single-source attacks because the volume of attacking traffic can easily exceed the bandwidth and processing capacity of most targets.

DoS and DDoS attacks sit at the intersection of network engineering, security operations, and adversarial systems design. They exploit the fundamental asymmetry between the cost of generating malicious traffic and the cost of absorbing it, a property that makes complete prevention difficult and shifts emphasis toward resilience and response.

Attack Categories

DoS attacks are commonly classified by the network layer they target. Volumetric attacks saturate the target's available bandwidth by sending massive quantities of traffic, often using amplification techniques such as DNS amplification, where a small spoofed query to an open resolver elicits a response many times larger that is directed at the victim's IP address. Protocol attacks exploit weaknesses in network-layer protocols; the SYN flood, for example, sends large numbers of TCP connection requests without completing the handshake, exhausting connection-state resources on servers and firewalls. Application-layer attacks operate at the HTTP or application level and are harder to distinguish from legitimate traffic; they aim to exhaust server processing resources by sending requests that trigger expensive computations or database queries. The UK National Cyber Security Centre's denial-of-service guidance outlines these categories and frames organizational preparedness around understanding the specific attack surfaces that each type exploits.

Botnets and DDoS Infrastructure

Large-scale DDoS attacks are typically executed through botnets: networks of compromised devices, including personal computers, routers, and Internet of Things endpoints, remotely controlled by an attacker. The Mirai botnet, which appeared in 2016, demonstrated the scale achievable by compromising poorly secured IoT devices, generating peak attack traffic measured in hundreds of gigabits per second. Attackers also use DDoS-for-hire services (sometimes called booters or stressers) that provide volumetric attack capacity on demand. Research surveyed by CISA's guidance on understanding denial-of-service attacks has documented how botnet infrastructure enables volumetric attacks on critical systems, and machine learning approaches now analyze traffic features such as packet size distributions and inter-arrival times to distinguish botnet command-and-control traffic from normal network behavior.

Mitigation and Proof of Work

Defending against DoS attacks involves a combination of architectural hardening, traffic filtering, and rate limiting. Upstream ISP-level scrubbing centers absorb volumetric traffic before it reaches the target network. Anycast routing distributes attack traffic across multiple geographically dispersed nodes, diluting its impact. At the application layer, proof-of-work challenges require connecting clients to perform a small computation before accessing a resource, raising the cost of automated flood attacks. The proof-of-work concept, originally proposed as an email spam deterrent and later adopted in blockchain systems, provides a computational filter that is inexpensive for legitimate users but burdensome when applied at flood scale. The IBM overview of DDoS attacks and defenses surveys the current defensive toolset, including cloud-based mitigation services that can absorb terabit-scale attacks.

Applications

Denial-of-service attack research and mitigation has applications across many domains, including:

  • Cloud service providers, where DDoS resilience is a baseline availability requirement
  • Financial services, where attack outages directly translate to transactional losses
  • Critical infrastructure protection, where availability of power, water, and communications systems must be maintained
  • Network operations, where intrusion detection systems are trained to identify volumetric and protocol anomalies
  • Blockchain and distributed systems, where proof-of-work mechanisms serve as Sybil and flood defenses

Related Topics

Loading…