Anticipating Moves to Prevent Botnet Generated DDoS Flooding Attacks

Abstract: Volumetric Distributed Denial of Service (DDoS) attacks have been a recurrent issue on the Internet. These attacks generate a flooding of fake network traffic to interfere with targeted servers or network links. Despite many efforts to detect and mitigate them, attackers have played a game always circumventing countermeasures. Today, there is an increase in the number of infected devices, even more with the advent of the Internet of Things and flexible communication technologies. Leveraging device-to-device short range wireless communications and others, infected devices can coordinate sophisticated botnets, which can be employed to intensify DDoS attacks. The new generation of botnets is even harder to detect because of their adaptive and dynamic behavior yielded by infected mobile portable devices. Additionally, because there can be a large number of geographically distributed devices, botnets increase DDoS traffic significantly. In face of their new behavior and the increasing volume of DDoS traffic, novel and intelligent-driven approaches are required. Specifically, we advocate for {\em anticipating} trends of DDoS attacks in the early stages as much as possible. This work provides an overview of approaches that can be employed to anticipate trends of DDoS attacks generated by botnets in their early stages and brings an insightful discussion about the advantages of each kind of approach and open issues.