An improved agent-based adaptive protection model for distributed denial of service flooding attack and flash crowd flooding traffic

Ahmed Khalaf, Bashar (2019) An improved agent-based adaptive protection model for distributed denial of service flooding attack and flash crowd flooding traffic. Masters thesis, Universiti Tun Hussein Onn Malaysia.


Abstract

Distributed Denial of Service (DDoS) attacks have recently become a serious threat to network security. The technological era has brought with it the threat of DDoS attacks against a variety of services and applications that use the Internet. Firms can incur huge financial losses even if services are disrupted for only a fraction of a period. Similar to a DDoS attack is Flash Crowd (FC) flooding traffic, in which a particular service is accessed by many legitimate users concurrently, resulting in denial of service. Both events overload network resources, affecting the CPU, available bandwidth, and memory available to legitimate users and thereby limiting accessibility. To address this issue, this thesis proposes an adaptive agent-based protection model, known as Adaptive Protection of Flooding Attacks (APFA), specific to DDoS attacks and FC flooding traffic. The APFA model aims to protect the Network Application Layer (NAL) against such attacks. It consists of analysis, detection, decision and filter modules. The main contribution of this work is the decision module, which employs a software agent to adapt to and recognize DDoS attacks (Demons and Zombies) and FC flooding traffic. The agent is equipped with three analysis functions that operate on three parameters: normal traffic intensity, traffic attack behavior, and IP address history log. The agent accordingly reacts to each of these attacks with different types of filtering actions as required. The APFA model was implemented and tested by applying different attack scenarios using the CIDDS standard dataset. In testing, the APFA model achieves an accuracy of 99.64%, a precision of 99.62% and a sensitivity of 99.96%. The APFA model's results outperform similar models from the related work, and the adaptive agent is able to distinguish between demons and zombies of the DDoS attacks with a high accuracy of 99.91%.

Item Type: Thesis (Masters)
Subjects: H Social Sciences > HF Commerce
H Social Sciences > HF Commerce > HF5001-6182 Business
Divisions: Faculty of Computer Science and Information Technology > Department of Web Technology
Depositing User: Mrs. Sabarina Che Mat
Date Deposited: 25 Jul 2021 07:01
Last Modified: 25 Jul 2021 07:01
URI: http://eprints.uthm.edu.my/id/eprint/475
