1,752 research outputs found

    Packet filter performance monitor (anti-DDOS algorithm for hybrid topologies)

    DDoS attacks are increasingly becoming a major problem. According to Arbor Networks, the largest DDoS attack reported by a respondent in 2015 was 500 Gbps. Hacker News stated that the largest DDoS attack as of March 2016 was over 600 Gbps, and the attack targeted the entire BBC website. With this increasing frequency and threat, and the average DDoS attack duration at about 16 hours, we know for certain that DDoS attacks will not be going away anytime soon. Commercial companies are not effectively providing mitigation techniques against these attacks, considering that major corporations face the same challenges. Current security appliances are not strong enough to handle the overwhelming traffic that accompanies current DDoS attacks. There is also limited research on solutions to mitigate DDoS attacks. Therefore, there is a need for a means of mitigating DDoS attacks in order to minimize downtime. One possible solution is for organizations to implement their own architectures that are meant to mitigate DDoS attacks. In this dissertation, we present and implement an architecture that utilizes an activity monitor to change the states of firewalls based on their performance in a hybrid network. Both firewalls are connected inline. The monitor is mirrored to monitor the firewall states. The monitor reroutes traffic when one of the firewalls becomes overwhelmed due to an HTTP DDoS flooding attack. The monitor connects to the API of both firewalls. The communication between the firewalls and monitor is encrypted using AES, based on the PyCrypto Python implementation. This dissertation is structured in three parts. The first found the weakness of the hardware firewall and determined its threshold based on spike and endurance tests. This was achieved by flooding the hardware firewall with HTTP packets until the firewall became overwhelmed and unresponsive. The second part implements the same test as the first, but targeted towards the virtual firewall. The same parameters, test factors, and determinants were used; however, a different load tester was utilized. The final part was the implementation and design of the firewall performance monitor. The main goal of the dissertation is to minimize downtime when network firewalls are overwhelmed as a result of a DDoS attack.

    Managing DDoS attacks on Virtual Machines by Segregated Policy Management

    Security is considered the most crucial aspect of cloud computing. It has attracted a lot of research in recent years. On the other hand, attackers are exploring and exploiting the vulnerabilities in the cloud. The heart of cloud computing lies in virtualization technology. Attackers are taking advantage of vulnerabilities in virtual machines and are able to compromise virtual machines, thereby launching DDoS attacks. Services such as SaaS and IaaS, which are meant to support end users, may be affected, and attackers may launch attacks either directly or by using zombies. Generally, data centres have their own security policies for dealing with security issues. In the case of DDoS attacks, for instance, only the policies which deal with it can be applied. However, in data centres, all the security policies are commonly applied to the applications irrespective of their category or the security threats that they face. The existing approach consumes a lot of time and wastes resources. In this paper, we have developed an approach to segregate the applications as per the type or threats being faced (by adapting detection mechanisms). Based on the zone in which an application lies, only the relevant security policies will be applied. This approach is optimized so that we can efficiently reduce the latency associated with applying security policies.