Editing Denial-of-service attack (section)

===Application layer attacks===
An '''application layer DDoS attack''' (sometimes referred to as '''layer 7 DDoS attack''') is a form of DDoS attack where attackers target [[application layer|application-layer]] processes.<ref>{{cite book | last =Lee | first =Newton | title =Counterterrorism and Cybersecurity: Total Information Awareness | publisher =Springer | date =2013 | isbn =9781461472056 }}</ref><ref name="Infosec7Layer">{{cite news | title =Layer Seven DDoS Attacks | newspaper =Infosec Institute }}</ref> The attack over-exercises specific functions or features of a website with the intention to disable those functions or features. This application-layer attack is different from an entire network attack, and is often used against financial institutions to distract IT and security personnel from security breaches.<ref>{{cite news | title =Gartner Says 25 Percent of Distributed Denial of Services Attacks in 2013 Will Be Application - Based | newspaper =Gartner | date =21 February 2013 | url =http://www.gartner.com/newsroom/id/2344217 | archive-url =https://web.archive.org/web/20130225073934/http://www.gartner.com/newsroom/id/2344217 | url-status =dead | archive-date =February 25, 2013 | access-date =28 January 2014 }}</ref> In 2013, application-layer DDoS attacks represented 20% of all DDoS attacks.<ref name="AbABankinJournal">{{cite news | last =Ginovsky | first =John | title =What you should know about worsening DDoS attacks | newspaper =ABA Banking Journal| date =27 January 2014 | url =http://www.ababj.com/component/k2/item/4354-what-you-should-know-about-worsening-ddos-attacks |archive-url=https://web.archive.org/web/20140209003822/http://ababj.com/component/k2/item/4354-what-you-should-know-about-worsening-ddos-attacks | archive-date=2014-02-09 }}</ref> According to research by [[Akamai Technologies]], there have been "51 percent more application layer attacks" from Q4 2013 to Q4 2014 and "16 percent more" from Q3 2014 to Q4 2014.<ref>{{cite web|url=https://blogs.akamai.com/2015/01/q4-2014-state-of-the-internet---security-report-some-numbers.html|title=Q4 2014 State of the Internet - Security Report: Numbers - The Akamai Blog|website=blogs.akamai.com}}</ref> In November 2017; Junade Ali, an engineer at Cloudflare noted that whilst network-level attacks continue to be of high capacity, they were occurring less frequently. Ali further noted that although network-level attacks were becoming less frequent, data from Cloudflare demonstrated that application-layer attacks were still showing no sign of slowing down.<ref>{{cite web|last1=Ali|first1=Junade|title=The New DDoS Landscape|url=https://blog.cloudflare.com/the-new-ddos-landscape/|website=Cloudflare Blog|date=23 November 2017}}</ref>

====Application layer====
The [[OSI model]] (ISO/IEC 7498-1) is a conceptual model that characterizes and standardizes the internal functions of a communication system by partitioning it into [[abstraction layer]]s. The model is a product of the [[Open Systems Interconnection]] project at the [[International Organization for Standardization]] (ISO). The model groups similar communication functions into one of seven logical layers. A layer serves the layer above it and is served by the layer below it. For example, a layer that provides error-free communications across a network provides the communications path needed by applications above it, while it calls the next lower layer to send and receive packets that traverse that path. In the OSI model, the definition of its application layer is narrower in scope than is often implemented. The OSI model defines the application layer as being the user interface. The OSI application layer is responsible for displaying data and images to the user in a human-recognizable format and to interface with the [[presentation layer]] below it. In an implementation, the application and presentation layers are frequently combined.

====Method of attack====
The simplest DoS attack relies primarily on brute force, flooding the target with an overwhelming flux of packets, oversaturating its connection bandwidth or depleting the target's system resources. Bandwidth-saturating floods rely on the attacker's ability to generate the overwhelming flux of packets. A common way of achieving this today is via distributed denial-of-service, employing a [[botnet]]. An application layer DDoS attack is done mainly for specific targeted purposes, including disrupting transactions and access to databases. It requires fewer resources than network layer attacks but often accompanies them.<ref>{{cite news |last=Higgins |first=Kelly Jackson |title=DDoS Attack Used 'Headless' Browser In 150-Hour Siege |newspaper=Dark Reading |publisher=InformationWeek |date=17 October 2013 |url=http://www.darkreading.com/attacks-breaches/ddos-attack-used-headless-browsers-in-15/240162777 |access-date=28 January 2014 |url-status=dead |archive-url=https://web.archive.org/web/20140122165039/http://www.darkreading.com/attacks-breaches/ddos-attack-used-headless-browsers-in-15/240162777 |archive-date=January 22, 2014 }}</ref> An attack may be disguised to look like legitimate traffic, except it targets specific application packets or functions. The attack on the application layer can disrupt services such as the retrieval of information or search functions on a website.<ref name="AbABankinJournal" />