Volumetric DDoS Attacks: Types, Operation Mechanism, And Analysis Of Protection Methods
Abstract
With the rapid advancement of digital infrastructure, safeguarding network systems against cyber threats has become increasingly vital. Among these threats, Distributed Denial of Service (DDoS) attacks—particularly volumetric variants—pose a serious risk by overwhelming network bandwidth and disrupting essential services. Volumetric DDoS attacks such as UDP Flood, ICMP Flood, and DNS Amplification are designed to consume system resources at scale, often leading to significant financial and reputational damage. These attack vectors exploit open network protocols and reflection mechanisms to maximize disruption. Despite the proliferation of mitigation techniques, there remains a lack of comprehensive analysis addressing the specific operational mechanisms and practical defense strategies for different volumetric attack types in contemporary environments. This study aims to examine the classification, technical execution, and associated risks of major volumetric DDoS attacks and to evaluate current protection methods, highlighting their strengths and limitations. The research identifies key characteristics and vulnerabilities exploited in UDP, ICMP, and DNS-based attacks. Analysis of countermeasures—such as traffic filtering, rate limiting, and deep packet inspection—demonstrates variable effectiveness depending on attack type. DNS amplification, in particular, poses severe challenges due to its high traffic amplification ratio. This article provides an integrated assessment of attack vectors and defense techniques through both technical analysis and graphical representation of traffic behavior, offering insight into real-time anomaly detection. The findings contribute to the development of more adaptive, algorithm-driven protection systems and offer a methodological basis for future research in cyber defense and secure network architecture.