A Novel DDoS Floods Detection and Testing Approaches for Network Traffic based on Linux Techniques
Journal Title: International Journal of Advanced Computer Science & Applications - Year 2018, Vol 9, Issue 2
Abstract
In today’s digital world, Web Servers (WSVRs) are affected by the continuous interruption of users through Distributed Denial-of-Service (DDoS) attacks. These attacks remain a massive threat to the World Wide Web (WWW). These threats can completely interrupt the accessibility of WSVRs by disturbing each data processing before intercommunication properties over pure dimensions of Data-Driven Networks (DDN), management and cooperative communities on the Internet technology. The purpose of this research is to find, describe and test existing tools and features available in a Linux-based solution lab design, the Availability Protection System (Linux-APS), for filtering the malicious traffic flow of DDoS attacks. The most widely used DDoS attacks targeting WSVRs are taken as the source of malicious traffic flow. Synchronize (SYN), User Datagram Protocol (UDP) and Internet Control Message Protocol (ICMP) flooding attacks are described, and different variants of the mitigation techniques are explained. Available cooperative tools for manipulating network traffic, such as Ebtables and Iptables, are compared for each type of attack. A specially created experimental network, with configured filter servers and a bridge, was used for testing purposes. The packet flow through the Linux kernel network stack is inspected, along with tuning options that serve to increase the traffic throughput of the filter server. As an outcome of the contribution, the Ebtables tool appears to be the most productive, because it needs fewer resources to process each packet (frame). It is pointed out that a separate detecting system is needed for this tool, in order to provide further filtering methods with data. The main conclusion is that Linux-APS solutions provide full functionality for filtering the malicious traffic flow of DDoS attacks, either in a stand-alone state or combined with detecting systems.
Authors and Affiliations
Muhammad Tahir, Mingchu Li, Naeem Ayoub, Usman Shehzaib, Atif Wagan