Performance analysis of defense mechanisms against UDP flood attacks

Treseangrat, Kiattikul

Treseangrat, Kiattikul

View fulltext online

Kiattikul Tresenagrat_2014-07-30.pdf (2.331Mb)

Date

2014

Citation:

Treseangrat, K. (2014). Performance analysis of defense mechanisms against UDP flood attacks. An unpublished thesis submitted in partial fulfilment of the requirements for the degree of Master of Computing. Unitec Institute of Technology.

Permanent link to Research Bank record:

https://hdl.handle.net/10652/2523

Abstract

A Distributed Denial of Service (DDoS) attack remains one of the most common and devastating security threats to the Internet world. The main purpose of an attack is to disable the use of services on the Internet or the victim network by sending a large number of IP packets to the targeted system. Since no single solution for a DDoS attack has been found, these attacks have managed to prevail on the Internet for a decade. Therefore, it is necessary and important to evaluate such an attack in a real testbed environment to find the most suitable defense mechanism. In this thesis, the different types of DDoS attacks are discussed followed by a focus on UDP flood attacks. Tests were conducted and new results obtained on the impact of a UDP flood attack on computers using the latest versions of Windows and Linux platforms, e.g., Windows Server 2012, Windows 8, and Linux Ubuntu 13. This research also produced new evaluation results on various defense mechanisms such as Network Load Balancing, Software Firewall, Access Control Lists, Threshold Limit, Hybrid Method, and IP Verify. Unlike simulation studies, this project lays down the steps involved in implementing the attack in a real testbed environment. In this study, the victim network is based on an Intranet network environment that provides several services (e.g., a web service and file transfer service) to legitimate clients. An attacker in the testbed, on the other hand, will launch the attack from outside the local subnet. Several metrics such as round-trip time, user throughput, packet loss, and CPU utilization of the victim computer were gathered in order to investigate the impact of an attack. The findings of this study concluded that Linux Ubuntu 13 withstood UDP flood attacks better than Windows Server 2012 while the Hybrid Method and Threshold Limit were the most effective defenses against UDP flood attacks for both Windows and Linux platforms. Both defenses significantly increased throughputs, and reduced the RTT, packet loss, and CPU utilization of a victim computer. On the other hand, the Software Firewall was the least effective defense in all studies.

Keywords:

DDoS attacks, UDP flood attacks, Windows Server 2012, Windows 8, Linux Ubuntu 13, network security, computer security, Distributed Denial of Service (DDoS)

ANZSRC Field of Research:

080303 Computer System Security

Degree:

Master of Computing, Unitec Institute of Technology

Supervisors:

Kolahi, Samad; Sarrafpour, Bahman; Jayawardena, Chandimal

Copyright Holder:

Author

Copyright Notice:

Rights:

This digital work is protected by copyright. It may be consulted by you, provided you comply with the provisions of the Act and the following conditions of use. These documents or images may be used for research or private study purposes. Whether they can be used for any other purpose depends upon the Copyright Notice above. You will recognise the author's and publishers rights and give due acknowledgement where appropriate.

Metadata

Show detailed record

This item appears in

Computing Dissertations and Theses [90]