An improved agent-based adaptive protection model for distributed denial of service flooding attack and flash crowd flooding traffic

Recently, a serious disturbance for network security could be a Distributed Denial of Service (DDoS) attack. The advent of technological era has also brought along the threat of DDoS attacks for a variety of services and applications that use the Internet. Firms can incur huge financial losses even...

Bibliographic Details
Main Author: Ahmed Khalaf, Bashar
Format: Thesis
Language: English
Published: 2019
Subjects:
Online Access: http://eprints.uthm.edu.my/475/1/24p%20BASHAR%20AHMED%20KHALAF.pdf
http://eprints.uthm.edu.my/475/2/BASHAR%20AHMED%20KHALAF%20COPYRIGHT%20DECLARATION.pdf
http://eprints.uthm.edu.my/475/3/BASHAR%20AHMED%20KHALAF%20WATERMARK.pdf
id my-uthm-ep.475
record_format uketd_dc
spelling my-uthm-ep.475 2021-07-25T07:01:02Z 2019-10 Thesis http://eprints.uthm.edu.my/475/ http://eprints.uthm.edu.my/475/1/24p%20BASHAR%20AHMED%20KHALAF.pdf text en public http://eprints.uthm.edu.my/475/2/BASHAR%20AHMED%20KHALAF%20COPYRIGHT%20DECLARATION.pdf text en staffonly http://eprints.uthm.edu.my/475/3/BASHAR%20AHMED%20KHALAF%20WATERMARK.pdf text en validuser mphil masters
institution Universiti Tun Hussein Onn Malaysia
collection UTHM Institutional Repository
language English
topic HF Commerce
HF5001-6182 Business
description Recently, a serious disturbance for network security could be a Distributed Denial of Service (DDoS) attack. The advent of the technological era has also brought along the threat of DDoS attacks for a variety of services and applications that use the Internet. Firms can incur huge financial losses even if services are disrupted for only a short period. Similar to a DDoS attack is Flash Crowd (FC) flooding traffic, in which a particular service is accessed by many legitimate users concurrently, which results in denial of service. Overloading of network resources is a common issue associated with both of these events; it impacts CPU, available bandwidth, and memory for legitimate users, thereby limiting accessibility. To address this issue, this thesis proposes an adaptive agent-based protection model known as Adaptive Protection of Flooding Attacks (APFA), specific to DDoS attacks and FC flooding traffic. The APFA model aims to protect the Network Application Layer (NAL) against such attacks. It consists of analysis, detection, decision and filter modules. The main contribution of this work in the APFA model is the decision module, which employs a software agent to adapt to and recognize DDoS attacks (Demons and Zombies) and FC flooding traffic. The agent is equipped with three analysis functions that operate on three parameters: normal traffic intensity, traffic attack behavior, and IP address history log. The agent accordingly reacts to each of these attacks with different types of filtering actions as required. The APFA model was implemented and tested by applying different attack scenarios using the CIDDS standard dataset. The APFA model testing results achieve an accuracy of 99.64%, a precision of 99.62% and a sensitivity of 99.96%. The APFA model results outperform similar models in the related work, and the adaptive agent is able to distinguish between demons and zombies of the DDoS attacks with a high accuracy of 99.91%.
format Thesis
qualification_name Master of Philosophy (M.Phil.)
qualification_level Master's degree
author Ahmed Khalaf, Bashar
title An improved agent-based adaptive protection model for distributed denial of service flooding attack and flash crowd flooding traffic
title_sort improved agent-based adaptive protection model for distributed denial of service flooding attack and flash crowd flooding traffic
granting_institution Universiti Tun Hussein Onn Malaysia
granting_department Fakulti Sains Komputer dan Teknologi Maklumat
publishDate 2019
url http://eprints.uthm.edu.my/475/1/24p%20BASHAR%20AHMED%20KHALAF.pdf
http://eprints.uthm.edu.my/475/2/BASHAR%20AHMED%20KHALAF%20COPYRIGHT%20DECLARATION.pdf
http://eprints.uthm.edu.my/475/3/BASHAR%20AHMED%20KHALAF%20WATERMARK.pdf
_version_ 1747830619225718784