Taxonomy of DDoS Attacks and Defense Mechanisms

Home / Taxonomy of DDoS Attacks and Defense Mechanisms

Taxonomy of DDoS Attacks and Defense Mechanisms

December 9, 2015 | Article | No Comments

This article will serve as summary of DDoS attack & defense mechanism and divide the topic into several categories based on several things. The taxonomy is based on [1] and has support by other materials (if any).

This article won’t tell the subject in detail. Instead, it try to summarize what the essential of [1] is.

[ Attacks Mechanism ]

Classification By Degree of Automation

During the attack preparation, the attacker needs to locate prospective agent and infect them with the attack code.

  1. Manual Attacks
  2. Semi-Automatic Attacks
  3. Automatic Attacks

Classification By Communication Mechanism

The division to following category is based on semi-automatic attack. On semi-automatic attack, attacker need to connect his machine to slave in order to launch an attack.

  1. Direct Communication
  2. Indirect Communication

Classification By Scanning Strategy

Both automatic and semi-automatic recruit the agent machine by deploying automatic scanning and propagation techniques.

The scanning is method used by compromised agent (slave) and probe IP to attack.

  1. Attacks with Random Scanning
  2. Attacks with Hitlist Scanning
  3. Attacks with Topological Scanning
  4. Attacks with Permutation Scanning
  5. Attacks with Local Subnet Scanning

Classification By Propagation Mechanism

This mechanism describe how the attack code is sent to agent machine.

  1. Central Source Propagation
  2. Back-Chaining Propagation
  3. Autonomous Propagation

Classification By Exploitated Vulnerability

Based on the vulnerability that is targeted during an attack.

  1. Protocol Attacks
  2. Brute-Force Attacks
    1. Filterable Attacks
    2. Non-filterable Attacks

Classification By Attack Rates Dynamics

This depend on the dynamic of an attack.

  1. Continuous Rate Attacks
  2. Variable Rate Attacks
    1. Increasing Rate Attacks
    2. Fluctuating Rate Attacks

Classification By Impact

Depend on the impact of a DDoS attack cause on victim.

  1. Disruptive Attacks
  2. Degrading Attacks

[ Defense Mechanism ]

Classification By Activity Level

  1. Attack Prevention Mechanism
    1. Attack Prevention Mechanism
      1. System Security Mechanism
      2. Protocol Security Mechanism
    2. Denial of Service (DoS) Prevention Mechanism
      1. Resource Accounting Mechanism
      2. Resource Multiplication Mechanism
  2. Reactive Mechanism
    1. Attack Detection Strategy
      1. Mechanism with Pattern Attack Detection
      2. Mechanism with Anomaly Attack Detection
      3. Mechanism with Hybrid Attack Detection
      4. Mechanism with Third-Party Attack Detection
    2. Response Strategy
      1. Agent Identification Mechanisms
      2. Rate-Limiting Mechanisms
      3. Filtering Mechanisms
      4. Reconfiguration Mechanisms
    3. Cooperation Degree
      1. Autonomous Mechanisms
      2. Cooperative Mechanism
      3. Interdependent Mechanisms

Classification By Deployment Location

  1. Victim-Network Mechanism
  2. Intermediate-Network Mechanism
  3. Source-Network Mechanism


  1. Mirkovic, J., Martin, J., and Reiher P. A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms. Computer Science Department, University of California, Los Angeles. [ link ]
  2. Mirkovic, J. Dietrich, S., Dittrich, D., Reihe, P. 2004. Internet Denial of Service: Attack and Defense Mechanism. Prentice Hall
  3. Tripwire, “Tripwire for Server”,
  4. McAfee,”Personal Firewall”,
  5. McAfee,”VirusScan Online,”
  6. S. Axelsson, “Intrusion detection systems: A survey and taxonomy,” Technical Report 99-15, Department of Computer Engineering, Chalmers University, March 2000.
  7. Cisco, “Strategies to protect against distributed denial of service attacks,”
  8. J. Shapiro and N. Hardy, “EROS: A principle-driven operating system from the ground up,” IEEE Software, pp. 26-33, January/February 2002
  9. E.O’Brien,”NetBouncer : A practical client-legitimacy-based DDoS defense via ingress filtering,”
  10. J. Leiwo, P. Nikander, and T. Aura, “Towards network denial of service resistant protocols,” In Proceedings of the 15th
    International Information Security Conference (IFIP/SEC 2000), August 2000.
  11. Cisco, “Strategies to protect against Distributed Denial of Service Attacks,”
  12. T. Aura, P. Nikander, and J. Leiwo, “DOS-resistant authentication with client puzzles,” In Proceedings of the 8th International Workshop on Security Protocols
  13. C. Schuba, I. Krsul, M. Kuhn, G. Spafford, A. Sundaram, and D. Zamboni, “Analysis of a denial of service attack on TCP,” In
    Proceedings of the 1997 IEEE Symposium on Security and Privacy, May 1997.
  14. A. Juels and J. Brainard, “Client puzzles: A cryptographic countermeasure against connection depletion attacks,” In Proceedings of the 1999 Networks and distributed system security symposium (NDSS’99), Mar 1999.
  15. Y. L. Zheng and J. Leiwo, “A method to implement a denial of service protection base,” In Information Security and Privacy, volume 1270 of LNCS, pages 90–101, 1997.
  16. O. Spatscheck and L. Peterson, “Defending against denial-of service requests in Scout,” In Proceedings of the 1999 USENIX/ACM Symposium on Operating System Design and Implementation, February 1999.
  17. A. Garg and A. L. Narasimha Reddy, “Mitigating denial of service attacks using QoS regulation,” Texas A & M University Tech report, TAMU-ECE-2001-06
  18. F. Lau, S. H. Rubin, M. H. Smith, and Lj. Trajkovic, “Distributed denial of service attacks,” In Proceedings of 2000 IEEE International Conference on Systems, Man, and Cybernetics, October 2000.

About Author

about author


A man who is obsessed to low level technology.

Leave a Reply

Your email address will not be published. Required fields are marked *

Social Share Buttons and Icons powered by Ultimatelysocial