IJCSNS - International Journal of Computer Science and Network Security

To search, Click below search items.

All Published Papers Search Service

Title	Analysis and Detection of DDoS Attacks Targetting Virtualized Servers
Author	Nisar Ahmed, Intesab Hussain sadhayo, Zahid Yousif, Nadeem Naeem, Sajida Parveen
Citation	Vol. 19 No. 1 pp. 128-133
Abstract	In recent years, virtualization is a fast-growing technology and moving beyond the test and development and manufacture merging to high availability and disaster recovery in big data. Cloud Computing and grid computing solve the increasing computing and storage problems arising in the Internet Age with efficient use of resources, ease of management and efficient power consumption. Therefore, many platforms have become in demand such as VMware ESXi, Microsoft Hyper-V server and Xen Hypervisors .However, the virtualization is facing many security concerns among which Distributed Denial of Service (DDoS) is the major threat in this technological era. DDoS is an attempt of attacking in distributed fashion to make a server’s resource unavailable to its legitimate users. It is one of the most severe attacks that threatens many popular Internet based services like e- commerce, e-banking, transportation, medicine and education etc. The aim of this paper is to study the impact of processor exhaustion due to DDoS attacks on virtual server and implement the Snort intrusion detection systems (IDS). The proposed strategy effectively detects DDoS attacks such as TCP SYN and UDP Flood attack based on the threshold limit in the specified time mechanism which gave better results than other state of the art solutions. DDoS attack is generated with the help of LOIC tool to check the processor exhaustion of virtual server at different packet rates and time durations. The experimental results have demonstrated that maximum peak packet rate of TCP SYN is 277143 and UDP DDoS is 168000 at which the server is totally halted. The generated attacks are detected in the form of logs in which source and destination addresses are represented along with port addresses. Furthermore, the Snort IDS tool detects the attack at the early stage. Moreover, it helps to minimize the effect of DDoS attack by alerting the network administrator which facilitates to diagnose the problem.
Keywords	Virtualization, DDoS, TCP SYN flood attack, UDP flood attack, Snort IDS
URL	http://paper.ijcsns.org/07_book/201901/20190115.pdf