
Cybersecurity: Denial-of-Service Attack



Grade Range
Group Size: 9-12 students
Active Time: 60 minutes
Total Time: 60 minutes
Area of Science: Computer Science
Key Concepts: Cybersecurity, Using Models to Study a Problem
Sabine De Brabandere, PhD, Science Buddies


Have you or your students ever felt frustrated at not being able to access a favorite website or online game? Did you realize the site might have been a victim of a cyber-attack? If you aren't careful about online security, your own computer could even be used to launch the attack! In this fun lesson plan, you and your students will model one type of attack (a denial-of-service attack) and figure out how to protect the network against it (no computer programming required)!

Learning Objectives

NGSS Alignment

This lesson helps students prepare for these Next Generation Science Standards Performance Expectations:
This lesson focuses on these aspects of NGSS Three Dimensional Learning:

Science & Engineering Practices
Analyzing and Interpreting Data. Analyze and interpret data to determine similarities and differences in findings.

Engaging in Argument from Evidence. Evaluate competing design solutions based on jointly developed and agreed-upon design criteria.
Disciplinary Core Ideas
ETS1.B: Developing Possible Solutions. A solution needs to be tested, and then modified on the basis of the test results, in order to improve it.

There are systematic processes for evaluating solutions with respect to how well they meet the criteria and constraints of a problem.

Sometimes parts of different solutions can be combined to create a solution that is better than any of its predecessors.

ETS1.C: Optimizing the Design Solution. The iterative process of testing the most promising solutions and modifying what is proposed on the basis of the test results leads to greater refinement and ultimately to an optimal solution.
Crosscutting Concepts
Systems and System Models. Models can be used to represent systems and their interactions—such as inputs, processes and outputs—and energy and matter flows within systems.

Systems may interact with other systems; they may have sub-systems and be a part of larger complex systems.

Models are limited in that they only represent certain aspects of the system under study.


Paper of different colors, a marker, scissors, small plastic containers, a timer and pencils

To share with the entire class:

Needed for each group of 9–12 students:*

* This activity works best with groups of 9-12, but can work with groups of 7-14 participants. For smaller groups, reduce the number of participants acting as client and/or as Internet by one. For larger groups, add clients and ask all clients to write their name and street on each request. See the Explore section for an explanation of the different roles.

Background Information for Teachers

This section contains a quick review for teachers of the science and concepts covered in this lesson.

If you follow the news, you have probably read about cyber-attacks or hacks against individuals, companies, and governments. The results vary widely, ranging from leaks of embarrassing personal photos to identity theft or leaking of top secret information. The backgrounds and motives of perpetrators are also diverse, ranging from teenagers who just want to cause some disruption to serious criminals. One type of cyber-attack is the denial-of-service (DoS) attack. A DoS attack typically floods a server with so much traffic that it is overwhelmed and unable to respond to legitimate users. To regular visitors, the site appears very slow or not functional at all. Unlike other types of cyber-attacks, the goal of a DoS attack is not to steal confidential information. DoS attacks may be used by activists to damage the target organization's reputation or limit its visibility at a critical time; or by criminals who demand a ransom payment to allow a website to come back up.

Before you can explore how DoS cyber-attacks work, you need a basic understanding of how information travels from the client (the computer or program you use to connect to the Internet) to a server (a machine that hosts a website). The server processes requests from the client. For example, when you click a button in a web browser to load a new page, your computer (the client) sends a request to the server for the files needed to load and view that new page. A posted request passes firewalls and routers as it travels through the Internet. A router sends the request to the correct server. There, it is placed in a queue to be processed when the server has a chance. For this activity, the process will be simplified to the process shown in Figure 1.

Diagram of three clients connecting to the Internet, which connects to a server
Figure 1. In its simplest form, requests posted by a client travel over the Internet to a server, which then processes the requests.

One way to launch a DoS attack is to send the target server many (fake) requests in a short time span (for example, requesting to load the same page over and over again). This floods the server with requests so it is unable to process them in a timely way. This type of DoS attack is a good example because it is simple, identifying it is easy (requests from a particular client come at an abnormally high rate), and intercepting it could be straightforward (disregard all requests from the attacking client). Once this is understood, more sophisticated types of DoS attacks, which might be harder to detect, can be explored.

The task of cybersecurity staff is to safeguard their employer's information technology (IT) network and its related data. This includes protecting services against DoS attacks. The ideal defense mechanisms let all legitimate traffic through, while blocking illegitimate requests without slowing down the process. In real life, compromises are often necessary. Several protection mechanisms are used. Implementing a good firewall, which can identify and disregard illegitimate requests, is often the first step. Another tactic is to increase the capacity of the network to handle requests. Although this might not intercept attacks, it makes the service less vulnerable, as it is able to handle the additional load of illegitimate requests.

In this lesson, students act out the network shown in Figure 1 without using computers or the Internet. Some students will act as clients, writing colored cards representing "requests" or information to be sent to the server. Other students will serve as the Internet, collecting and transporting these cards (requests) to the server. One student acting as the server will receive the requests and process them. A student (the guard) will initially oversee the process and can later be used to represent a firewall. One student will serve as attacker and flood the system with requests to simulate a DoS attack. Although this greatly simplifies the information flow happening in real life, it is an easy way to show how a successful DoS attack can be launched, how it affects the network, and ways cybersecurity professionals can counter the attack. Let your students be the cybersecurity personnel, identify cyber-attacks, and find creative ways to protect the service against the attacks.
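
For teachers who want to preview the outcome before running the activity, the classroom network can also be modeled in a few lines of Python. This is an added example, not part of the original lesson plan; the function name, parameters, and all numbers (3 clients, 20 attacker requests per round, a server that handles 4 requests per round) are assumptions chosen for illustration. It compares the two defenses described above: a guard that disregards a sender once its request rate is abnormally high, and a server with more capacity.

```python
from collections import deque, Counter

def simulate(ticks=60, clients=3, attack_rate=0, capacity=4, rate_limit=None):
    """Paper-model network: clients -> Internet -> server queue (constructed numbers).

    Each round every legitimate client sends one request, the attacker sends
    `attack_rate` requests, and the server processes up to `capacity` requests
    in arrival order. If `rate_limit` is set, the guard (firewall) blocks any
    sender that exceeds that many requests in one round and disregards all of
    its requests from then on.
    Returns (legit_served, legit_sent, avg_wait_rounds, dropped).
    """
    queue = deque()                      # (sender, round_sent) waiting at the server
    blocked, waits, dropped = set(), [], 0
    for t in range(ticks):
        arrivals = [(f"client{i}", t) for i in range(clients)]
        arrivals += [("attacker", t)] * attack_rate
        seen = Counter()                 # requests per sender in this round
        for sender, sent in arrivals:
            seen[sender] += 1
            if rate_limit is not None and seen[sender] > rate_limit:
                blocked.add(sender)      # abnormally high rate: identify the sender
            if sender in blocked:
                dropped += 1             # guard disregards the request
                continue
            queue.append((sender, sent))
        for _ in range(min(capacity, len(queue))):
            sender, sent = queue.popleft()
            if sender != "attacker":
                waits.append(t - sent)   # rounds a legitimate request waited
    avg_wait = sum(waits) / len(waits) if waits else float("inf")
    return len(waits), ticks * clients, avg_wait, dropped

if __name__ == "__main__":
    scenarios = {
        "normal traffic":         dict(),
        "attack, no defense":     dict(attack_rate=20),
        "attack, guard blocks":   dict(attack_rate=20, rate_limit=3),
        "attack, more capacity":  dict(attack_rate=20, capacity=24),
    }
    for name, kwargs in scenarios.items():
        served, sent, wait, dropped = simulate(**kwargs)
        print(f"{name:24s} served {served}/{sent}  avg wait {wait:.2f}  dropped {dropped}")
```

Without a defense, most legitimate requests are still stuck in the queue when the run ends, which is the "very slow or not functional" behavior regular visitors see; either defense restores service, but only the guard does so without paying for extra capacity.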

Prep Work (10-20 minutes)

Engage (5 minutes)

Explore (40 minutes)

Reflect (10 minutes)


Make Career Connections

Lesson Plan Variations
