Date of Award

12-2009

Document Type

Thesis

Degree Name

Master of Science (MS)

Legacy Department

Computer Engineering

Advisor

Brooks, Richard R

Committee Member

Walker, Ian

Committee Member

Griffin, Christopher

Abstract

Network technology has experienced explosive growth in the past two decades. The vast connectivity of networks all over the world poses monumental risks. The generally accepted philosophy in the security world is that no system or network is completely secure [1], which makes network security a critical concern. The work done in this thesis focuses on Distributed Denial of Service (DDoS) attacks, where legitimate users are prevented from accessing network services. Although a lot of research has been done in this field, these attacks remain one of the most common threats affecting network performance.
One defense against DDoS attacks is to make attacks infeasible for an attacker, by increasing either the amount of attack traffic needed to disable a link or the number of attackers needed to disable the network.
Theoretical work has been done previously which focused on quantifying the attack traffic required to disable a set of mincut arcs in a network. In this thesis, we experimentally verify the validity of the analysis performed by running simulations using the SSFNet network simulator. A Distributed Denial of Service attack is simulated by flooding the mincut arcs in the network. From the results, we analyze the minimum number of zombie processors (attack sources) required to disable a set of arcs and the minimum attack traffic volume required to disable the arcs.
