AN ADAPTIVE MODEL FOR DETECTING DDOS ATTACK ON IPV4 AND IPV6
As the Internet grows, so does the vulnerability of the network. Denial of Service (DDoS) attacks are one such kind of attack. One of the more popular DDoS attacks, and the one considered in this paper, is the TCP-SYN Flood attack. SYN flooding attacks are launched by exploiting TCP’s three-way handshake mechanism and its limitation in maintaining half-opened connections on the Internet protocols IPv4 and IPv6.
This study aims at the detection of DDoS attacks with a neuro-fuzzy algorithm, a combination of fuzzy logic and neural network (ANFIS). The project research was simulated with MATLAB 2012a, a programming language and environment for scientific computing. The result of the comparison showed that the ANFIS model has more accuracy in detecting DDoS in Internet Protocol (IPv4 and IPv6).
Title Page
Declaration of Originality
Table of Contents
List of Figures
1.0 Project Synopsis
1.1 Background to the Study
1.2 Statement of the Problem
1.3 Motivation
1.4 Aim and Objectives
1.5 Contribution to knowledge
1.6 Project Arrangement
2.0 Introduction
2.1 Historical background of IPv4 and IPv6
2.1.1 IPv6 Improvement Over IPv4
2.1.2 Denial of Service in IPv6 Network
2.1.3 Internet Protocol (IPv4 And IPv6) Address Security
2.2 Existing methods for DDoS Attack Detection
2.2.1 Algorithms and Techniques for Detecting DoS / DDoS Attacks on Network Servers and Internet Protocols
2.3 Review of Adaptive Neuro Fuzzy Inference Scheme (ANFIS)
3.0 Introduction
3.1 Methodology
3.2 Requirement specification
3.2.1 Functional Requirements
3.2.2 Non-Functional Requirements
3.2.3 Software Requirements
3.2.4 Hardware Requirements
3.3 System Analysis
3.3.1 Overview of Various DDoS Attack
3.3.2 ANFIS (FIS) Structure and Parameter Adjustment
3.3.3 A Normal and Attack Scenario
3.3.4 Protocol to trace back the source of DDoS attacks
3.4 Method of Data Collection
3.4.1 Preprocessing of Datasets
3.5 Design
3.5.1 Evaluation Metric
3.5.2 Design of Proposed Architecture
IMPLEMENTATION, RESULTS AND DISCUSSION
4.0 Introduction
4.1 Network Simulation
4.2 Testing
4.2.1 Training Data
4.3 Project schedule
4.4 Quality management
5.0 Conclusion
5.1 Contribution to knowledge
5.2 Limitations
5.3 Recommendation and future works
5.4 Critical Appraisal
LIST OF FIGURES
Figure 3.1: DDoS Attack Overview.
Figure 3.2: ANFIS Model Structure.
Figure 3.3: A Normal Scenario and A (SYN Flood Attack) Scenario.
Figure 3.4: A Typical SYN-Flood Attack.
Figure 3.5: Basic Flow of Designing Artificial Neural Network Model
Figure 3.6: The Activity Flow Diagram of proposed method.
Figure 3.7: DDoS Detection Flowchart.
Figure 3.8: Proposed Architecture for Network Traffic Analyzer
Figure 4.1: Comparison of Training Data and ANFIS data
Figure 4.2: ANFIS Training Data Error at each training epoch.
Figure 4.3: Root Mean Squared Checking Data Errors at each training epoch.
Figure 4.4: Detection (Snapshot of the Interface)
This chapter focuses on the introductory aspect of the project. It consists of the background of the research project, the statement of the problem, the project aim and objectives, and observation. It also gives an overview of the project report structure.
1.1 BACKGROUND OF THE STUDY
A Denial-of-Service (DoS) attack is a network attack from a single machine that attempts to prevent the victim, the targeted machine, from communicating with other devices on the network or performing its normal tasks (DiMarco, 2012). The extension of these attacks to include many malicious machines became known as Distributed Denial-of-Service (DDoS) attacks. DDoS attacks cause an immense amount of strain on both the victim and the devices used to reach the victim (DiMarco, 2012).
According to Manickam (2014), the first well documented DoS attacks occurred in 1974. These attacks were developed by hackers to disrupt communication between a client and a server. They would be targeted against a victim machine, but could lead to other machines being affected. Depending on the attack, the victim could fail to provide a single service or fail to provide any network connectivity at all.
One of the major challenges in security management for fast networks is that the detection of suspicious anomalies in network traffic patterns is often difficult, and the machine will become vulnerable to attacks with time (Redhwan, 2014). A DDoS attack differs from a DoS attack only in method: a DoS attack is made from one system or network, while a DDoS attack is organized to happen simultaneously from a large number of systems or networks.
A hacker begins a DDoS attack by exploiting a vulnerability in a computer system and making it the DDoS “master”. From the master system, the intruder identifies and communicates with other systems that can also be compromised. The intruder loads DDoS attack tools on those compromised systems. The intruder can instruct the controlled machines to launch one of many flood attacks against a specified target. The inundation of packets to the target causes a denial of service (Cai and Hembroff, 2006). Some DDoS attacks utilize internet worms to automate the process of exploiting and compromising computer systems, as well as launching DDoS attacks.
Attackers use spoofed source addresses to hide their identity and location in DDoS attacks. Some service providers do perform ingress filtering to check for valid source IP addresses coming into access routers, but this is not completely effective. The trace back mechanisms trace the true source of the attackers to stop the attack at the point nearest to its source to reduce waste of network resources and to find the attacker’s identities (Meena and Trivedi, 2012).
Nowadays, many companies and/or governments require a secure system and/or an accurate Intrusion Detection System (IDS) to defend their network services and their users’ private information. Kato and Klyuev (2014) researched network security further and deduced that DDoS attacks jam the network service of the target by using multiple bots hijacked by crackers to send numerous packets to the target server.
Servers of many companies and/or governments have been victims of these attacks. In such an attack, detecting the crackers is extremely difficult, because they only send a command through multiple bots from another network and then leave the bots quickly after the command executes.
In general, detection is required before the spread of a DDoS attack. DDoS detection is often part of a wider intrusion detection system (IDS). An IDS can be classified based on the serving component (the audit source location) as either host-based, network-based or a combination of both. The host-based system is usually located in a single host, while the network-based system is usually located on a machine separate from the hosts that it protects. Hybrid intrusion detection systems combine both the network and host-based systems (Alenezi and Reed, 2012).
There are two general forms of DoS attacks: those that crash services and those that flood services. DoS attacks are implemented by either forcing the targeted computer to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately (Silica Kole, 2013).
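Added example, not taken from the project (which uses an ANFIS model in MATLAB): a plain threshold heuristic showing the signal a network-based detector can measure for the TCP SYN flood this project targets, namely half-open connections per service, with IPv4 and IPv6 addresses normalised to one form. The event format, threshold and timeout are assumptions, and the traffic is constructed from documentation address ranges.

```python
import ipaddress

HALF_OPEN_TIMEOUT = 30   # seconds a SYN may wait for its ACK (assumed value)
THRESHOLD = 5            # half-open connections per service that raise an alert (assumed)

def norm(addr):
    """Canonical text form, so one host written two ways (IPv6 zero
    compression, IPv4-mapped IPv6) is counted as a single address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return ip.compressed

def detect_syn_flood(events, threshold=THRESHOLD, timeout=HALF_OPEN_TIMEOUT):
    """events: time-ordered (ts, src, sport, dst, dport, flag) client-to-server
    segments, flag in {"SYN", "ACK", "RST"}. Returns {(dst, dport): first alert ts}."""
    half_open = {}   # (src, sport, dst, dport) -> timestamp of the SYN
    alerts = {}
    for ts, src, sport, dst, dport, flag in events:
        key = (norm(src), sport, norm(dst), dport)
        # Drop entries the server would already have timed out of its backlog.
        for k in [k for k, t in half_open.items() if ts - t > timeout]:
            del half_open[k]
        if flag == "SYN":
            half_open[key] = ts
        else:        # ACK completes the handshake, RST aborts it
            half_open.pop(key, None)
        service = key[2:]
        pending = sum(1 for k in half_open if k[2:] == service)
        if pending >= threshold and service not in alerts:
            alerts[service] = ts
    return alerts

def sample_events():
    """Constructed traffic: three completed IPv4 handshakes, then eight
    unanswered SYNs to one IPv6 service written in two textual forms."""
    ev = []
    for i in range(3):
        ev.append((2 * i, f"198.51.100.{i + 1}", 40000 + i, "192.0.2.10", 80, "SYN"))
        ev.append((2 * i + 1, f"198.51.100.{i + 1}", 40000 + i, "192.0.2.10", 80, "ACK"))
    for i in range(8):
        dst = "2001:db8::10" if i % 2 else "2001:0db8:0000:0000:0000:0000:0000:0010"
        ev.append((100 + i, f"2001:db8:ffff::{i + 1:x}", 50000 + i, dst, 443, "SYN"))
    return ev

if __name__ == "__main__":
    print(detect_syn_flood(sample_events()))
```

Because spoofed sources never send the final ACK, their entries stay half-open until the timeout, which is why the count per service rises under attack while completed handshakes leave no residue.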
1.2 STATEMENT OF THE PROBLEM
Firstly, with the relatively immature network infrastructure, many network operators do not have the ability to inspect network traffic well enough to distinguish DDoS attacks from harmless traffic. Secondly, gateways that link IPv4 and IPv6 must store a lot of ‘state’ information about the network traffic they handle, and that essentially makes them weaker and breakable. Diverse challenges have been encountered in the network environment, where attackers spoof source IP addresses and send out an indefinite quantity of attack packets that is above the average size or magnitude of the IP address space, which consumes bandwidth, memory, CPU cycles, and any other resource that is necessary for normal operation. Due to the fact that IPs occupy such a relatively small space, Internet security implementations are not taken into full consideration. This leaves a lot of networks vulnerable to various DDoS attacks. DDoS attacks (such as SYN Flood) have posed a lot of threat to IPs.
Various algorithms and models have been used to effectively address this problem. It is very important to develop a system capable of detecting various forms of attack on IPs. Neural systems have effective learning algorithms and have been introduced as an alternative way to automate the tuning of fuzzy frameworks. Neural systems bring their computational capacity for learning to fuzzy frameworks and receive from them the interpretability and clarity of the frameworks’ representation. This project work will make use of a model and algorithm to effectively address these situations.
The motivations for this research study are:
1.4 AIM AND OBJECTIVES
The project aim is to simulate and detect DDoS (TCP SYN) Flooding attacks on IPv4 and IPv6 using an ANFIS model and Neuro-Fuzzy algorithm, and to compare the performance analysis.
1.5 CONTRIBUTION TO KNOWLEDGE
This research work will make use of the proposed system to assist with prompt and accurate detection of DDoS attacks on IPv4 and IPv6, so as to be able to ascertain the performance analysis of various network traffic and to deduce the most suitable protocol for a particular network.
1.6 PROJECT ARRANGEMENT
Chapter one: Is the introduction of the project and comprises the background, statement of the problem, motivation, project aim and objectives, project methodology, contribution to knowledge and definitions of some terms used.
Chapter two: Contains an extensive literature review on various DDoS attacks. This will provide in-depth knowledge of how to mitigate various forms of attack.
Chapter three: Contains the research methodology and comprises requirement specification, analysis and design. It also contains UML (Unified Modelling Language) diagrams that describe how the system works.
Chapter four: Contains the implementation procedure, which consists of screenshots of the results and a detailed discussion of how each component of the system works.
Chapter five: Concludes the work and proffers recommendations.