dc.description.abstract |
Cloud computing is one of the recent technology that provides different
services from different platform for the users at any time, at anywhere using
internet without any limitations. As cloud computing providing this service,
the most serious challenge is that, a DDoS attack which interrupt an online
service by generating a high volume of malicious traffic, which is called
flooding-attack. Moreover, DDoS attack consumes all the available network
resources thus rendering legitimate users unable to access the services. To
tackle this problem different research works have been done and proposed
to defeat this type of attack in traditional and SDN networks for the cloud
computing systems.
In this thesis, we developed and investigated a pushback distributed defense
mechanism or framework for private as well as public network domain DDoS
attacks. The defense system has three major components: traffic monitoring
with detection, attack identification and traffic control. The components are
inter-dependent and working in hierarchical fashion. The traffic monitoring
scheme monitors only high-rate outgoing flows at victim networks and
identify the source of an attack in the network. Once the source of an attack
is identified the traffic control daemon apply an ingress filtering to drops the
packets belonging to these flows. Based on the rules implemented on the
controller the rate limiting mechanism, limit the rate of an incoming traffic
to the victim node and filter the traffic in its source network controller. For
Distributed DDoS attack, the controller at the malicious source node network
send a pushback request message to apply a rule to the victim node
controller.
The proposed framework is evaluated with different performance metrics to
analyze the detection of rate of an attack traffic, throughput, link bandwidth,
attack and legitimate traffic drop rate, and system resource consumption
during normal and attack state. The simulation model is designed and aII
number of simulation experiments have been done on mininet virtual
network setup. The results demonstrate that the scheme is capable of
detecting flooding-based DDoS attacks, and the pushback defense
framework can effectively mitigate attack traffic in order to sustain the
quality of service for legitimate traffic |
en_US |