Makerere University Research Repository: Item 123456789/634

	About DSpace Software

	Home

Browse
	Communities & Collections
	Titles
	Authors
	By Date

Sign on to:
	Receive email updates
	My DSpace authorized users
	Edit Profile


	About DSpace

Makerere University Research Repository >
Faculty of Computing and Information Technology >
Theses & Dissertations (CIT) >

Please use this identifier to cite or link to this item: http://hdl.handle.net/123456789/634

Title:	Exploring the use of multiple gateways for improvement of defense against distributed denial of service attacks in a corporate network
Authors:	Muwonge, Bernard Ssajjabbi
Keywords:	Network gateways Network attacks Network security Network access denial
Issue Date:	Mar-2009
Abstract:	As the need for Internet connectivity becomes a necessity for all organizations, hackers and crackers too, are not asleep. One of the major threats of the Internet are the DDoS attacks. To ISPs, the increasing volume of unwanted traffic is rather disgusting. For it tremendously affects the network Quality of Service. The DDoS attacks can completely block access to a network resource such as a Website. They target financial institutions and other mission critical networks especially as e-commerce and e-banking take root. Some of the reported cases include one that occurred in August 1999 at the University of Minnesota, USA that blocked their network for more than 2 days, and another one that kept the yahoo and CNN Websites totally offline in 2000. A number of detection and response techniques have been proposed though none of them has been completely successful in blocking these attacks. An organization can deploy a number of redundant gateways to act as backups in the event of an attack so that the trusted network users can access it through the alternative gateways. In this thesis, we look at how best we can use multiple gateways to defend a corporate network against DDoS attacks. We explore the question of how many alternative gateways are optimal considering the issue of cost in terms of bandwidth. Since different queuing algorithms exhibit varying performance during flooding attacks on a network, the thesis also explores the performance of the different queuing algorithms to determine which one offers better QoS during attack. The queuing algorithms considered are DT, RED, FQ and SFQ. NS-2 simulator is used to evaluate and analyze the performance of these algorithms and explore the optimal number of gateways. The study has been tailored towards corporate networks. Preliminary results show that the optimal number of gateways is 3 for DT and SFQ while it is 4 for FQ and RED. The best performing algorithm was SFQ followed by DT.
Description:	A Project report submitted to the School of Graduate Studies in partial fulfilment of the requirements for the award of the Degree of Master of Science in Data Communication and Software Engineering of Makerere University.
URI:	http://hdl.handle.net/123456789/634
Appears in Collections:	Theses & Dissertations (CIT)

Files in This Item:

File	Description	Size	Format
muwonge-bernard-ssajjabbi-cit-masters-report.pdf	Thesis report	4427Kb	Adobe PDF	View/Open

All items in DSpace are protected by copyright, with all rights reserved.

DSpace Software Copyright © 2002-2005 MIT and Hewlett-Packard - Feedback