| dc.description.abstract |
Distributed Denial of Service (DDoS) attacks constitute a formidable threat, obstructing access to legitimate internet services and disrupting the seamless provision of services by organizations. Despite extensive research dedicated to developing defense mechanisms against DDoS attacks, their persistence remains a challenge. The majority of research in DDoS defense can be categorized into attack detection, mitigation, and prevention. Notably, defense strategies falling within the purview of attack detection and mitigation are reactive in nature, often activated after some level of damage has already occurred. In addition, the terms “detection” and “mitigation,” maintain consistent meanings in the literature. However, the term “prevention” in the context of DDoS attacks has been associated with varying interpretations in the literature. This paper undertakes a comprehensive review of techniques labeled as “prevention” in the realm of DDoS attacks. In addition, because prevention techniques do not have a standard meaning in the literature, we further classify these techniques into Ideal Prevention, True Prevention, and Partial Prevention. By scrutinizing these techniques and their implications, we shed light on the complexity of mitigating DDoS threats effectively. In particular, we advocate for increased focus on True Prevention techniques, emphasizing the need for dynamism, computational efficiency, scalability, and practical deployability. |
en_US |