A Novel DDoS Floods Detection and Testing Approaches for Network Traffic based on Linux Techniques

Abstract

In today's digital world, Web Servers (WSVRs) are affected by continuous interruption of users through Distributed Denial-of-Service (DDoS) attacks. These attacks remain a massive threat to the World Wide Web (WWW). They can completely interrupt the accessibility of WSVRs by disturbing all data processing before intercommunication properties over pure dimensions of Data-Driven Networks (DDN), management and cooperative communities on the Internet. The purpose of this research is to find, describe and test existing tools and features available in a Linux-based lab design, the Availability Protection System (Linux-APS), for filtering the malicious traffic flow of DDoS attacks. The most widely used DDoS attacks targeting WSVRs are taken as the source of malicious traffic flow. Synchronize (SYN), User Datagram Protocol (UDP) and Internet Control Message Protocol (ICMP) flooding attacks are described, and different variants of the mitigation techniques are explained. Available cooperative tools for manipulating network traffic, such as Ebtables and Iptables, are compared for each type of attack. A specially created experimental network, with configured filter servers and a bridge, was used for testing purposes. The flow of packets through the Linux kernel network stack is inspected, along with tuning options that serve to increase the filter server's traffic throughput. As an outcome, the Ebtables tool appears to be the most productive, because it needs fewer resources to process each packet (frame). It is pointed out that a separate detection system is needed for this tool, in order to provide the further filtering methods with data. The main conclusion is that Linux-APS solutions provide full functionality for filtering the malicious traffic flow of DDoS attacks, either in a stand-alone state or combined with detection systems.

Authors and Affiliations

Muhammad Tahir, Mingchu Li, Naeem Ayoub, Usman Shehzaib, Atif Wagan

  • DOI 10.14569/IJACSA.2018.090248

How To Cite

Muhammad Tahir, Mingchu Li, Naeem Ayoub, Usman Shehzaib, Atif Wagan (2018). A Novel DDoS Floods Detection and Testing Approaches for Network Traffic based on Linux Techniques. International Journal of Advanced Computer Science & Applications, 9(2), 341-357. https://europub.co.uk/articles/-A-277023