文章基本信息

标题：Analysis and Detection of DDoS Attacks Targetting Virtualized Servers
本地全文：下载
作者：Nisar Ahmed ; Intesab Hussain sadhayo ; Zahid Yousif 等
期刊名称：International Journal of Computer Science and Network Security
印刷版ISSN：1738-7906
出版年度：2019
卷号：19
期号：1
页码：128-133
出版社：International Journal of Computer Science and Network Security
摘要：In recent years, virtualization is a fast-growing technology and moving beyond the test and development and manufacture merging to high availability and disaster recovery in big data. Cloud Computing and grid computing solve the increasing computing and storage problems arising in the Internet Age with efficient use of resources, ease of management and efficient power consumption. Therefore, many platforms have become in demand such as VMware ESXi, Microsoft Hyper-V server and Xen Hypervisors .However, the virtualization is facing many security concerns among which Distributed Denial of Service (DDoS) is the major threat in this technological era. DDoS is an attempt of attacking in distributed fashion to make a server’s resource unavailable to its legitimate users. It is one of the most severe attacks that threatens many popular Internet based services like e- commerce, e-banking, transportation, medicine and education etc. The aim of this paper is to study the impact of processor exhaustion due to DDoS attacks on virtual server and implement the Snort intrusion detection systems (IDS). The proposed strategy effectively detects DDoS attacks such as TCP SYN and UDP Flood attack based on the threshold limit in the specified time mechanism which gave better results than other state of the art solutions. DDoS attack is generated with the help of LOIC tool to check the processor exhaustion of virtual server at different packet rates and time durations. The experimental results have demonstrated that maximum peak packet rate of TCP SYN is 277143 and UDP DDoS is 168000 at which the server is totally halted. The generated attacks are detected in the form of logs in which source and destination addresses are represented along with port addresses. Furthermore, the Snort IDS tool detects the attack at the early stage. Moreover, it helps to minimize the effect of DDoS attack by alerting the network administrator which facilitates to diagnose the problem.
关键词：Virtualization; DDoS; TCP SYN flood attack; UDP flood attack; Snort IDS