Denial-of-Service Attacks (DoS)

Denial-of-service (DoS) attacks are cyberattacks aimed at making resources (or services) unavailable to users. DoS attacks are implemented through either the exploitation of limitations of communication and application protocols, or an attack on the server involving the transmission of an extensive number of requests meant to overload the server and exhaust its resources.

DoS attacks and their detection are discussed in the guidelines document of the National Institute of Standards and Technology (Scarfone & Hoffman, 2009). Such attacks typically lead to significantly increased bandwidth usage or a much larger-than-usual number of packets or connections sent to or from a particular host. Anomaly detection methods can involve monitoring bandwidth usage or packet and connection counts and determining whether observed activity is significantly different from expected activity.
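The anomaly-detection approach described above, as an added example that is not part of the original article or the NIST guideline: each host's connection and byte counts per interval are compared against a baseline built from that host's preceding intervals. The log format, addresses, window length and threshold `k` are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample, one line per host per minute: "minute host connections bytes"
SAMPLE = """\
0 10.0.0.5 98 120000
1 10.0.0.5 104 131000
2 10.0.0.5 101 125000
3 10.0.0.5 97 118000
4 10.0.0.5 102 127000
5 10.0.0.5 4150 126000
0 10.0.0.9 20 900000
1 10.0.0.9 22 950000
2 10.0.0.9 19 910000
3 10.0.0.9 21 940000
4 10.0.0.9 20 920000
5 10.0.0.9 21 930000
"""

def parse(text):
    """Return {host: [(minute, connections, bytes), ...]} sorted by minute."""
    series = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            minute, host, conns, nbytes = line.split()
            series[host].append((int(minute), int(conns), int(nbytes)))
    return {host: sorted(rows) for host, rows in series.items()}

def detect(series, baseline_len=5, k=3.0, min_sigma=1.0):
    """Flag intervals where a metric exceeds baseline mean + k * stddev."""
    alerts = []
    for host, rows in series.items():
        for i in range(baseline_len, len(rows)):
            window = rows[i - baseline_len:i]  # "expected activity" for this host
            for col, metric in ((1, "connections"), (2, "bytes")):
                history = [r[col] for r in window]
                mu = mean(history)
                # Floor sigma so a perfectly flat baseline does not alert on noise.
                sigma = max(pstdev(history), min_sigma)
                if rows[i][col] > mu + k * sigma:
                    alerts.append((host, rows[i][0], metric, rows[i][col], round(mu, 1)))
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE)):
        print(alert)
```

In the sample, only the connection count to 10.0.0.5 in minute 5 is flagged; its byte count and all of 10.0.0.9's activity stay within the per-host baseline.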

The effects of DoS attacks can be mitigated with the installation of appropriate software and the throttling of bandwidth usage.

References

Scarfone, K., & Hoffman, P. (2009). Guidelines on firewalls and firewall policy: Recommendations of the National Institute of Standards and Technology: Special Publication 800-41. National Institute of Standards and Technology. http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf