Makerere University Research Repository >
Faculty of Computing and Information Technology >
Theses & Dissertations (CIT) >
Please use this identifier to cite or link to this item:
|Title: ||Exploring the use of multiple gateways for improvement of defense against distributed denial of service attacks in a corporate network|
|Authors: ||Muwonge, Bernard Ssajjabbi|
|Keywords: ||Network gateways|
Network access denial
|Issue Date: ||Mar-2009 |
|Abstract: ||As the need for Internet connectivity becomes a necessity for all organizations, hackers and crackers too, are not asleep. One of the major threats of the Internet are the DDoS attacks.
To ISPs, the increasing volume of unwanted traffic is rather disgusting. For it tremendously affects the network Quality of Service. The DDoS attacks can completely block access to a network resource such as a Website. They target financial institutions and other mission critical networks especially as e-commerce and e-banking take root. Some of the reported cases include one that occurred in August 1999 at the University of Minnesota, USA that blocked their network for more than 2 days, and another one that kept the yahoo and CNN Websites totally offline in 2000. A number of detection and response techniques have been proposed though none of them has been completely successful in blocking these attacks. An organization can deploy a number of redundant gateways to act as backups in the event of an attack so that the trusted network users can access it through the alternative gateways.
In this thesis, we look at how best we can use multiple gateways to defend a corporate network against DDoS attacks. We explore the question of how many alternative gateways are optimal considering the issue of cost in terms of bandwidth. Since different queuing algorithms exhibit varying performance during flooding attacks on a network, the thesis also explores the performance of the different queuing algorithms to determine which one offers better QoS during attack. The queuing algorithms considered are DT, RED, FQ and SFQ. NS-2 simulator is used to evaluate and analyze the performance of these algorithms and explore the optimal number of gateways. The study has been tailored towards corporate networks. Preliminary results show that the optimal number of gateways is 3 for DT and SFQ while it is 4 for FQ and RED. The best performing algorithm was SFQ followed by DT.|
|Description: ||A Project report submitted to the School of Graduate Studies in partial fulfilment of the requirements for the award of the Degree of Master of Science in Data Communication and Software Engineering of Makerere University.|
|Appears in Collections:||Theses & Dissertations (CIT)|
Files in This Item:
|muwonge-bernard-ssajjabbi-cit-masters-report.pdf||Thesis report||4427Kb||Adobe PDF||View/Open|
All items in DSpace are protected by copyright, with all rights reserved.