Assistant at the Department of Information Security, Urgench branch of the Tashkent University of Information Technologies named after Muhammad al-Khorezmi, Urgench, Khorezm, Uzbekistan
ANALYSIS OF SECURITY PROTOCOLS USED FOR DDOS ATTACKS. TYPES AND ADVANTAGES OF UPDATED SECURITY PROTOCOLS
ABSTRACT
Distributed Denial of Service (DDoS) attacks remain one of the most critical threats to network security, exploiting vulnerabilities in core internet protocols and overwhelming target systems with malicious traffic. This paper examines protocol-based DDoS attacks, their impact, and modern security protocols designed to mitigate these threats. Key security enhancements include the adoption of ICMPv6, QUIC, RTP, DNSSEC, DoH, HTTP/2, and HTTP/3, which improve security, efficiency, and resilience against evolving cyber threats. Additionally, cloud-based DDoS protection services play a crucial role in filtering and mitigating attack traffic. A multi-layered security approach incorporating firewalls, IDS/IPS, load balancers, and CDNs is essential to maintaining network stability and ensuring service availability. The continuous evolution of security protocols is fundamental to defending against DDoS attacks and safeguarding digital infrastructure.
ABSTRACT (translated from Russian)
DDoS attacks (distributed denial-of-service attacks) remain one of the most serious threats to network security, exploiting vulnerabilities in internet protocols and overloading target systems with malicious traffic. This paper examines protocol-based DDoS attacks, their impact, and modern security protocols developed to reduce these threats. The key security measures are ICMPv6, QUIC, RTP, DNSSEC, DoH, HTTP/2 and HTTP/3, which improve network stability and protection. In addition, cloud-based DDoS protection services provide filtering and reduce the negative impact of attacks. To protect digital infrastructure, security measures must be updated regularly.
Keywords: DDoS Attack, Network Security, Cyber Threats, Security Protocols, ICMPv6, QUIC Protocol, RTP (Real-time Transport Protocol), DNSSEC (Domain Name System Security Extensions), DoH (DNS over HTTPS), HTTP/2, HTTP/3, Cloud-Based DDoS Protection, Firewall, IDS/IPS (Intrusion Detection/Prevention Systems), Load Balancer, Content Delivery Network (CDN), Service Availability, Traffic Filtering
Keywords (translated from Russian): DDoS attack, Network security, Cyber threats, Security protocols, ICMPv6, QUIC protocol, RTP protocol (Real-time Transport Protocol), DNSSEC (Domain Name System Security Extensions), DoH (DNS over HTTPS), HTTP/2, HTTP/3, Cloud-based DDoS protection, Firewall, Intrusion Detection and Prevention Systems (IDS/IPS), Load balancer, Content Delivery Network (CDN), Service availability, Traffic filtering
1. INTRODUCTION
Protocol-based DDoS attacks target weaknesses in protocols such as TCP/IP (network-layer attacks) and HTTP (application-layer attacks), or in their implementations. Typically, these attacks exploit scenarios in which a server receives a packet or a request from a client and expects further communication. The server allocates memory and other resources to maintain the session state and the communication channel; the attacker abuses this by deliberately slowing down or halting the communication, draining those resources.
These protocol-based attacks can be particularly debilitating because they exploit the fundamental mechanisms by which the internet and web applications operate. In network layer attacks, techniques like SYN flood exploit the TCP handshake process. Attackers send a barrage of SYN requests to a server but do not complete the handshake with the ACK response. The server, awaiting the final step of the handshake, keeps these incomplete sessions open, consuming resources and eventually becoming unable to handle legitimate requests.
Application layer attacks, on the other hand, target the specific functions of web applications. For instance, Slowloris is a notorious attack where the attacker initiates a connection to the server but sends HTTP headers in an incomplete and slow manner. The server, expecting the headers to be completed, keeps each of these connections open. This gradually exhausts the server’s resources, leading to a denial of service to legitimate users.
These attacks are insidious because they require fewer resources from the attacker compared to the impact on the target server. A relatively small number of machines or even a single machine can initiate such attacks, making them a favored tactic among attackers due to their efficiency and effectiveness.
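As an added example (not from the paper), the following Python sketch shows how a server-side monitor could tell apart the two resource-exhaustion patterns described above from a snapshot of its TCP connection table: many half-open (SYN_RECV) sessions for a SYN flood, and long-lived established connections that never finish sending their HTTP headers for Slowloris. The connection-table schema, the thresholds and the addresses are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class Conn:
    """One entry of a server-side TCP connection table (hypothetical schema)."""
    src: str            # client address
    state: str          # "SYN_RECV" = half-open, "ESTABLISHED" = handshake done
    age_s: float        # seconds since the first SYN arrived
    headers_done: bool  # True once a full HTTP request header block was received


def half_open_by_source(conns):
    """SYN-flood view: half-open sessions per source, and the overall total."""
    counts = Counter(c.src for c in conns if c.state == "SYN_RECV")
    return counts, sum(counts.values())


def stalled_requests_by_source(conns, min_age_s=30.0):
    """Slowloris view: established connections that still have not completed
    their HTTP headers after min_age_s seconds, grouped by source."""
    return Counter(c.src for c in conns
                   if c.state == "ESTABLISHED"
                   and not c.headers_done and c.age_s >= min_age_s)


def analyze(conns, syn_per_src=20, syn_total=100, slow_per_src=10):
    """Return a verdict dict an IPS hook could act on (thresholds are illustrative)."""
    half_open, total = half_open_by_source(conns)
    # Per-source thresholds catch floods from real addresses; the global
    # half-open total catches floods whose source addresses are spoofed.
    syn_sources = sorted(s for s, n in half_open.items() if n >= syn_per_src)
    slow = stalled_requests_by_source(conns)
    slow_sources = sorted(s for s, n in slow.items() if n >= slow_per_src)
    return {
        "syn_flood_sources": syn_sources,
        "syn_flood_global": total >= syn_total,
        "slowloris_sources": slow_sources,
        "block": sorted(set(syn_sources) | set(slow_sources)),
    }


# Constructed snapshot using RFC 5737 documentation addresses.
SNAPSHOT = (
    # 25 half-open sessions from one source: SYN flood from a real address
    [Conn("198.51.100.7", "SYN_RECV", 1.5, False) for _ in range(25)]
    # 12 long-lived connections that never completed their headers (Slowloris)
    + [Conn("203.0.113.9", "ESTABLISHED", 45.0 + i, False) for i in range(12)]
    # ordinary clients: briefly half-open, or established with headers received
    + [Conn("192.0.2.%d" % i, "SYN_RECV", 0.2, False) for i in range(1, 4)]
    + [Conn("192.0.2.%d" % i, "ESTABLISHED", 3.0, True) for i in range(4, 9)]
)

if __name__ == "__main__":
    print(analyze(SNAPSHOT))
```

Thresholds must be tuned to the server's normal connection load; the global half-open count is needed because a SYN flood commonly spoofs its source addresses, which defeats per-source counting.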
2. ANALYSIS OF SECURITY PROTOCOLS USED FOR DDOS ATTACKS
Why Are Security Protocols Needed Against DDoS Attacks?
- Availability: DDoS attacks can completely or partially disrupt the target system or service. Security protocols help ensure that services remain continuously available.
- Resources: DDoS attacks waste network resources (such as servers, routers, and other network devices). Security protocols help protect these resources and improve their performance.
- Traffic: DDoS attacks often involve malicious traffic. Security protocols enable suspicious traffic to be detected and removed from the network.
- Access: Security protocols help restrict access to networks and systems, making it more challenging for DDoS attacks to succeed.
- Cost: DDoS attacks can cause significant financial and reputational harm to organizations. Implementing security protocols reduces these risks and protects organizations.
Which Parts of the Network Do Security Protocols Protect?
Security protocols against DDoS attacks are applied to the following network segments:
- Web servers and databases require security measures to protect against DDoS attacks.
- Routers, switches, and other network devices use security protocols to monitor network traffic and filter suspicious requests.
- WAFs (Web Application Firewalls) and other protective mechanisms are crucial for safeguarding web applications and APIs against DDoS attacks.
- DNSSEC and other security protocols are employed to protect against DNS amplification attacks.
- Cloud-based DDoS protection services are used to filter incoming traffic and eliminate harmful traffic.
Implementing security protocols against DDoS attacks is essential for protecting systems and network infrastructure, ensuring service continuity, and minimizing the risk of financial and reputational damage. These protocols are applied across various parts of the network, enhancing security and helping to mitigate the impact of DDoS attacks.
To combat Distributed Denial of Service (DDoS) attacks, the following sections and their protection mechanisms are relevant:
- The Network Management and Protection section is the most critical for detecting and preventing DDoS attacks.
  - IDS/IPS (Intrusion Detection/Prevention Systems): detect abnormal traffic in the network and automatically block it.
  - Firewall: configured to block excessive requests, whether legitimate or malicious, at the network boundary.
- The Network Perimeter Protection section helps limit and mitigate the impact of DDoS attacks.
  - Load Balancers: distribute traffic across multiple servers, preventing any single server from becoming overloaded.
  - CDN (Content Delivery Network): strengthens the network at geographically distributed points, reducing the impact of a DDoS attack targeting a single location.
In combating DDoS attacks and ensuring overall network security, a number of updated and alternative protocols are being used in place of the original ones. The protocols and their modern alternatives are:
- ICMPv6 is the update to and replacement for ICMP (Internet Control Message Protocol). ICMPv6 is used in IPv6 networks and offers more features. While ICMP is still utilized as a core protocol, its traffic is often rate-limited and filtered because of the high risk of ICMP flood attacks.
- QUIC is the update to and replacement for TCP (Transmission Control Protocol). QUIC is a new protocol built on UDP, similar to TCP but designed to improve speed and security. While TCP remains widely used, QUIC is emerging as a new standard for web applications and services.
- RTP (Real-time Transport Protocol) and QUIC are the update to and replacement for UDP (User Datagram Protocol). RTP is used for real-time data transmission and is suited to multimedia applications. UDP is still in use, but filtering and limiting its traffic is necessary to protect against DDoS attacks.
- DNSSEC (Domain Name System Security Extensions) and DoH (DNS over HTTPS) are the update to and replacement for DNS (Domain Name System). DNSSEC enhances security by authenticating DNS queries and responses. DoH encrypts DNS queries over HTTPS, reducing attack risks. Modern DNS versions are increasingly replacing older protocols.
- HTTP/2 and HTTP/3 are the update to and replacement for HTTP (Hypertext Transfer Protocol). HTTP/2 and HTTP/3 are designed to speed up web traffic and data transmission; HTTP/3 operates on the QUIC protocol. Currently, more emphasis is placed on HTTPS (HTTP Secure), which significantly improves security.
3. TYPES AND BENEFITS OF UPDATED SECURITY PROTOCOLS
Updated security protocols play a crucial role in defending against Distributed Denial of Service (DDoS) attacks, offering enhanced protection, improved performance, and greater resilience against evolving cyber threats. These modern protocols replace or complement older ones, strengthening network security while maintaining efficiency and accessibility.
One of the most significant advancements in security protocols is the transition from ICMP to ICMPv6. This updated protocol is specifically designed for IPv6 networks, providing better error reporting, improved network diagnostics, and enhanced support for multicast communication. Unlike its predecessor, ICMPv6 includes security measures that help filter and prevent ICMP Flood attacks, a common method used by attackers to overwhelm a network. As the internet continues its shift toward IPv6, ICMPv6 ensures that security remains a priority in modern networking environments.
Another major improvement in security protocols is the introduction of QUIC, a protocol developed to enhance the performance and security of web traffic. QUIC operates on top of UDP but offers features similar to TCP, such as reliable data transmission and congestion control, while significantly reducing latency. It also integrates strong encryption by default, making it more resistant to attacks. By eliminating many of the vulnerabilities associated with TCP, QUIC provides faster and safer communication, especially for web applications that require high-speed data exchange.
In addition to QUIC, the Real-time Transport Protocol (RTP) has become essential for secure multimedia transmission. RTP is widely used for real-time applications like video conferencing and streaming, ensuring stable and secure data delivery. Unlike traditional UDP-based transmission, RTP provides additional mechanisms to handle data loss and jitter, making it a more reliable choice for multimedia communication. Its implementation helps prevent disruptions caused by DDoS attacks that target streaming services and voice communication platforms.
The security of the Domain Name System (DNS) has also been strengthened with the introduction of DNSSEC and DNS over HTTPS (DoH). DNSSEC enhances security by authenticating DNS queries and responses, reducing the risk of DNS spoofing and amplification attacks. Meanwhile, DoH encrypts DNS queries, preventing attackers from intercepting and manipulating DNS traffic. These advancements ensure that DNS infrastructure remains secure, protecting users from attacks that exploit weaknesses in traditional DNS protocols.
Web traffic security has also seen significant improvements with the adoption of HTTP/2 and HTTP/3. These updated protocols optimize data transmission by allowing multiple requests to be processed simultaneously, improving both speed and efficiency. HTTP/3, which is built on QUIC, further enhances security and performance by reducing connection setup time and encrypting traffic more effectively. As web applications increasingly rely on encrypted and optimized communication, HTTP/2 and HTTP/3 play a crucial role in maintaining secure and efficient online services.
Beyond protocol enhancements, cloud-based DDoS protection services have emerged as a powerful defense against large-scale attacks. These services filter incoming traffic, identifying and blocking malicious requests before they reach the target network. By leveraging global cloud infrastructure, they offer scalable protection capable of handling even the most intense DDoS attacks. Organizations that implement cloud-based security solutions can ensure service continuity while mitigating the financial and reputational risks associated with cyberattacks.
The adoption of updated security protocols is essential in the fight against DDoS attacks. Protocols such as ICMPv6, QUIC, RTP, DNSSEC, DoH, HTTP/2, HTTP/3, and cloud-based security solutions not only enhance network performance but also provide critical protection against modern cyber threats. As technology continues to evolve, these advancements will remain fundamental in ensuring the security, stability, and efficiency of online services.
4. CONCLUSION AND RECOMMENDATIONS
Distributed Denial of Service (DDoS) attacks remain one of the most significant threats to network security, targeting vulnerabilities in fundamental internet protocols and overwhelming servers with malicious traffic. These attacks disrupt services, consume network resources, and cause financial and reputational damage to organizations. To combat these threats, implementing modern security protocols is essential for ensuring service availability, optimizing performance, and minimizing risks.
One of the most effective strategies in mitigating DDoS attacks is the adoption of updated security protocols that enhance network resilience. The transition from ICMP to ICMPv6, for example, has improved error reporting and network diagnostics while incorporating security measures to prevent ICMP flood attacks. Similarly, the introduction of QUIC as an alternative to TCP has revolutionized web traffic security by reducing latency, improving encryption, and eliminating several vulnerabilities associated with traditional transport protocols. These advancements significantly strengthen the overall security posture of modern network infrastructures.
Real-time applications, such as video streaming and VoIP services, are particularly vulnerable to DDoS attacks. The implementation of the Real-time Transport Protocol (RTP) ensures stable and secure data transmission by mitigating the impact of packet loss and jitter. Moreover, securing the Domain Name System (DNS) has become crucial in preventing DNS amplification attacks and spoofing attempts. Technologies like DNSSEC and DNS over HTTPS (DoH) offer authentication and encryption mechanisms that protect DNS queries from interception and manipulation.
In conclusion, the continuous evolution of security protocols plays a vital role in mitigating the risks associated with DDoS attacks. By adopting modern protocols such as ICMPv6, QUIC, RTP, DNSSEC, DoH, HTTP/2, and HTTP/3, organizations can enhance their network resilience and security. Cloud-based DDoS protection services further strengthen these defenses by providing scalable and adaptive solutions against large-scale attacks. Moving forward, organizations must remain proactive in implementing and updating security measures to safeguard their digital infrastructure, ensuring uninterrupted services and protecting against emerging cyber threats.
As summarized in Table 1, DDoS attacks exploit network vulnerabilities, causing service disruptions, resource exhaustion, financial losses, and reputational damage. To mitigate these threats, updated security protocols and multi-layered defense strategies are essential:
- Key security protocols: ICMPv6 enhances diagnostics and reduces ICMP flood risks; QUIC improves encryption and reduces latency; RTP secures real-time communications; DNSSEC and DoH protect DNS traffic from spoofing and amplification attacks; HTTP/2 and HTTP/3 optimize web security and speed.
- Cloud-based protection: filters malicious traffic using global infrastructures.
- Multi-layered security: IDS/IPS detects abnormal traffic, firewalls block threats, load balancers distribute traffic, and CDNs disperse attack loads.
- Future recommendations: regular security updates, proactive monitoring, and adaptive defense mechanisms are crucial for long-term protection.