An improved agent-based adaptive protection model for distributed denial of service flooding attack and flash crowd flooding traffic

Bibliographic Details
Main Author: Ahmed Khalaf, Bashar
Format: Thesis
Language: English
Published: 2019
Online Access: http://eprints.uthm.edu.my/475/1/24p%20BASHAR%20AHMED%20KHALAF.pdf
http://eprints.uthm.edu.my/475/2/BASHAR%20AHMED%20KHALAF%20COPYRIGHT%20DECLARATION.pdf
http://eprints.uthm.edu.my/475/3/BASHAR%20AHMED%20KHALAF%20WATERMARK.pdf
Description
Summary: A Distributed Denial of Service (DDoS) attack can be a serious disturbance to network security. The technological era has brought with it the threat of DDoS attacks against a variety of services and applications that use the Internet. Firms can incur huge financial losses even if services are disrupted for only a brief period. Similar to a DDoS attack is Flash Crowd (FC) flooding traffic, in which many legitimate users access a particular service concurrently, resulting in denial of service. Both events overload network resources, affecting the CPU, available bandwidth, and memory available to legitimate users and thereby limiting accessibility. To address this issue, this thesis proposes an adaptive agent-based protection model, Adaptive Protection of Flooding Attacks (APFA), designed specifically for DDoS attacks and FC flooding traffic. The APFA model aims to protect the Network Application Layer (NAL) against such attacks. It consists of analysis, detection, decision and filter modules. The main contribution of this work is the decision module, which employs a software agent that adapts to and recognizes DDoS attacks (Demons and Zombies) and FC flooding traffic. The agent is equipped with three analysis functions that operate on three parameters: normal traffic intensity, traffic attack behavior, and IP address history log. The agent responds to each of these attacks with a different type of filtering action, as required. The APFA model was implemented and tested by applying different attack scenarios using the CIDDS standard dataset. In testing, the APFA model achieved an accuracy of 99.64%, a precision of 99.62% and a sensitivity of 99.96%. These results outperform similar models in the related work, and the adaptive agent is able to distinguish between the demons and zombies of DDoS attacks with a high accuracy of 99.91%.