As the Internet grows, so does the vulnerability of the network. Distributed Denial of Service (DDoS) attacks are one such kind of attack. This paper considers one of the more popular DDoS attacks, the TCP SYN flood attack. SYN flooding attacks are launched by exploiting TCP's three-way handshake mechanism and its limitation in maintaining half-open connections, on both IPv4 and IPv6.
This study aims to detect DDoS attacks with a neuro-fuzzy algorithm that combines fuzzy logic and a neural network (ANFIS). The research was simulated in MATLAB 2012a, a programming language and environment for scientific computing. The result of comparison showed that the ANFIS model to the ANFIS has more accuracy in detecting DDoS in Internet Protocol (IPv4 and IPv6).
TABLE OF CONTENTS
Cover Page
Title Page
Declaration of Originality
Table of Contents
List of Figures
1.0 Project Synopsis
1.1 Background to the Study
1.2 Statement of the Problem
1.3 Motivation
1.4 Aim and Objectives
1.5 Contribution to Knowledge
1.6 Project Arrangement
2.0 Introduction
2.1 Historical Background of IPv4 and IPv6
2.1.1 IPv6 Improvement Over IPv4
2.1.2 Denial of Service in IPv6 Network
2.1.3 Internet Protocol (IPv4 and IPv6) Address Security
2.2 Existing Methods for DDoS Attack Detection
2.2.1 Algorithms and Techniques for Detecting DoS / DDoS Attacks on Network Servers and Internet Protocols
2.3 Review of Adaptive Neuro Fuzzy Inference Scheme (ANFIS)
3.0 Introduction
3.1 Methodology
3.2 Requirement Specification
3.2.1 Functional Requirements
3.2.2 Non-Functional Requirements
3.2.3 Software Requirements
3.2.4 Hardware Requirements
3.3 System Analysis
3.3.1 Overview of Various DDoS Attack
3.3.2 ANFIS (FIS) Structure and Parameter Adjustment
3.3.3 A Normal and Attack Scenario
3.3.4 Protocol to Trace Back the Source of DDoS Attacks
3.4 Method of Data Collection
3.4.1 Preprocessing of Datasets
3.5 Design
3.5.1 Evaluation Metric
3.5.2 Design of Proposed Architecture
IMPLEMENTATION, RESULTS AND DISCUSSION
4.0 Introduction
4.1 Network Simulation
4.2 Testing
4.2.1 Training Data
4.3 Project Schedule
4.4 Quality Management
5.0 Conclusion
5.1 Contribution to Knowledge
5.2 Limitations
5.3 Recommendation and Future Works
5.4 Critical Appraisal
LIST OF FIGURES
Figure 3.1: DDoS Attack Overview
Figure 3.2: ANFIS Model Structure
Figure 3.3: A Normal Scenario and a SYN Flood Attack Scenario
Figure 3.4: A Typical SYN Flood Attack
Figure 3.5: Basic Flow of Designing Artificial Neural Network Model
Figure 3.6: The Activity Flow Diagram of Proposed Method
Figure 3.7: DDoS Detection Flowchart
Figure 3.8: Proposed Architecture for Network Traffic Analyzer
Figure 4.1: Comparison of Training Data and ANFIS Data
Figure 4.2: ANFIS Training Data Error at Each Training Epoch
Figure 4.3: Root Mean Squared Checking Data Errors at Each Training Epoch
Figure 4.4: Detection (Snapshot of the Interface)
This chapter introduces the project. It covers the background of the research project, the statement of the problem, the project aim and objectives, and observations. It also gives an overview of the project report structure.
1.1 BACKGROUND OF THE STUDY
A Denial-of-Service (DoS) attack is a network attack from a single machine that attempts to prevent the victim, the targeted machine, from communicating with other devices on the network or performing its normal tasks (DiMarco, 2012). The extension of these attacks to include many malicious machines became known as Distributed Denial-of-Service (DDoS) attacks. DDoS attacks cause an immense amount of strain on both the victim and the devices used to reach the victim (DiMarco, 2012).
According to Manickam (2014), the first well documented DoS attacks occurred in 1974. These attacks were developed by hackers to disrupt communication between a client and a server. They would be targeted against a victim machine, but can lead to other machines being affected. Depending on the attack, the victim could fail to provide a single service or fail to provide any network connectivity at all.
One of the major challenges in security management for fast networks is that suspicious anomalies in network traffic patterns are often difficult to detect, and the machine becomes vulnerable to attacks over time (Redhwan, 2014). A DDoS attack differs from a DoS attack only in method: a DoS attack is made from one system or network, while a DDoS attack is organized to happen simultaneously from a large number of systems or networks.
A hacker begins a DDoS attack by exploiting a vulnerability in a computer system and making it the DDoS "master". From the master system, the intruder identifies and communicates with other systems that can also be compromised. The intruder loads DDoS attack tools on those compromised systems. The intruder can instruct the controlled machines to launch one of many flood attacks against a specified target. The inundation of packets to the target causes a denial of service (Cai and Hembroff, 2006). Some DDoS attacks utilize internet worms to automate the process of exploiting and compromising computer systems, as well as launching DDoS attacks.
Attackers use spoofed source addresses to hide their identity and location in DDoS attacks. Some service providers do perform ingress filtering to check for valid source IP addresses coming into access routers, but this is not completely effective. The trace back mechanisms trace the true source of the attackers to stop the attack at the point nearest to its source to reduce waste of network resources and to find the attacker’s identities (Meena and Trivedi, 2012).
Nowadays, many companies and governments require a secure system and an accurate Intrusion Detection System (IDS) to defend their network services and their users' private information. Kato and Klyuev (2014) researched network security further and deduced that DDoS attacks jam the network service of the target by using multiple bots, hijacked by crackers, to send numerous packets to the target server.
Servers of many companies and governments have been victims of these attacks. In such an attack, detecting the crackers is extremely difficult, because they only send a command through multiple bots from another network and then leave the bots quickly after the command executes.
In general, detection is required before a DDoS attack spreads. DDoS detection is often part of a wider intrusion detection system (IDS). An IDS can be classified by its serving component (the audit source location) as host-based, network-based or a combination of both. A host-based system is usually located in a single host, while a network-based system is usually located on a machine separate from the hosts that it protects. Hybrid intrusion detection systems combine both the network-based and host-based systems (Alenezi and Reed, 2012).
There are two general forms of DoS attacks: those that crash services and those that flood services. DoS attacks are implemented by either forcing the targeted computer to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately (Silica Kole, 2013).
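For the flooding form in the TCP SYN case this study targets, the following added example (not code from the project, and a plain threshold counter rather than the ANFIS model) tracks half-open connections per server over IPv4 and IPv6. The record format, the threshold of 5 and the 30-second timeout are assumptions, and the sample records are constructed from documentation address ranges.

```python
import ipaddress
from collections import defaultdict

def constructed_sample():
    """Constructed records (time_s, src, sport, dst, dport, flags); documentation addresses only."""
    recs = [
        # Legitimate clients: SYN followed by the final ACK of the handshake.
        (0.0, "192.0.2.10", 40000, "198.51.100.5", 80, "S"),
        (0.1, "192.0.2.10", 40000, "198.51.100.5", 80, "A"),
        (0.2, "2001:db8::10", 40001, "2001:db8:1::5", 443, "S"),
        (0.3, "2001:0db8:0:0:0:0:0:10", 40001, "2001:db8:1::5", 443, "A"),
    ]
    # Flood-like traffic: many sources send a SYN and never complete the handshake.
    for i in range(8):
        recs.append((1.0 + i / 100, f"203.0.113.{i + 1}", 50000 + i, "198.51.100.5", 80, "S"))
    for i in range(6):
        recs.append((1.0 + i / 100, f"2001:db8:ffff::{i + 1:x}", 50000 + i, "2001:db8:1::5", 443, "S"))
    return recs

def detect_syn_flood(records, threshold=5, timeout=30.0):
    """Return {(server_ip, port): peak half-open count} for peaks >= threshold."""
    pending = defaultdict(dict)   # (server, port) -> {(client, port): SYN time}
    peak = defaultdict(int)
    for t, src, sport, dst, dport, flags in sorted(records, key=lambda r: r[0]):
        # ip_address() normalises IPv4 and IPv6 text so equal addresses compare equal.
        client = (ipaddress.ip_address(src), sport)
        server = (ipaddress.ip_address(dst), dport)
        table = pending[server]
        # Age out half-open entries the way a server's backlog timer would.
        for key in [k for k, t0 in table.items() if t - t0 > timeout]:
            del table[key]
        if flags == "S":            # first step of the handshake: new half-open entry
            table[client] = t
        elif flags in ("A", "R"):   # handshake completed or reset: entry is released
            table.pop(client, None)
        peak[server] = max(peak[server], len(table))
    return {(str(ip), port): n for (ip, port), n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for server, count in detect_syn_flood(constructed_sample()).items():
        print(server, "peak half-open connections:", count)
```
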
1.2 STATEMENT OF THE PROBLEM
Firstly, with the relatively immature network infrastructure, many network operators do not have the ability to inspect network traffic well enough to distinguish DDoS attacks from harmless traffic. Secondly, gateways that link IPv4 and IPv6 must store a lot of state information about the network traffic they handle, and that essentially makes them weaker and breakable. Diverse challenges have been encountered in the network environment, where attackers spoof source IP addresses and send out an indefinite quantity of attack packets that is above the average size or magnitude of the IP address space, which consumes bandwidth, memory, CPU cycles, and any other resource that is necessary for normal operation. Because IPs occupy such a relatively small space, Internet security implementations are not taken into full consideration. This leaves a lot of networks vulnerable to various DDoS attacks. DDoS attacks (such as SYN flood) have posed a serious threat to IPs.
Various algorithms and models have been used to address this problem effectively. It is very important to develop a system capable of detecting various forms of attack on IPs. Neural systems have effective learning calculations, and have been introduced as an alternative way to automate the development of tuning fuzzy frameworks. Neural systems bring their computational attributes of learning to fuzzy frameworks and obtain from them the interpretation and clarity of framework representation. This project will make use of a model and algorithm to address these situations effectively.
1.3 MOTIVATION
The motivations for this research study are:
- There is a need to adequately address and examine the communication interruption caused by various DDoS attacks (such as SYN flood) on Internet Protocols (IPv4 and IPv6) between client and server on a network, because these attacks have posed many threats and caused much damage to the system as a whole.
- Because of attacks on the Internet protocols of network users, there is a need to gain adequate knowledge of network attacks and of how to address them using a more efficient security technique and methodology.
- IP address spoofing that allows denial of service attacks needs to be addressed to protect and help maintain the performance of computer systems and to protect information.
- Neural networks (ANFIS) have learning capacity and generalization capacity, and are also very efficient.
1.4 AIM AND OBJECTIVES
The project aim is to simulate and detect DDoS (TCP SYN) flooding attacks on IPv4 and IPv6 using an ANFIS model and neuro-fuzzy algorithm to compare the performance analysis.
- To use an ANFIS model and neuro-fuzzy algorithm to detect DDoS attacks on IPv4 and IPv6.
- To gather, pre-process, train and test data for the experiment in (i).
- To implement a protocol that will be helpful to detect and trace back the source of DDoS attacks on IPv4 and IPv6.
1.5 CONTRIBUTION TO KNOWLEDGE
This research work will use the proposed system to assist with prompt and accurate detection of DDoS attacks on IPv4 and IPv6, so as to ascertain the performance analysis of various network traffic and to deduce the most suitable protocol for a particular network.
1.6 PROJECT ARRANGEMENT
Chapter one: Introduces the project and comprises the background, statement of the problem, motivation, project aim and objectives, project methodology, contribution to knowledge and definitions of some terms used.
Chapter two: Contains an extensive literature review on various DDoS attacks. This will provide in-depth knowledge of how to mitigate various forms of attack.
Chapter three: Contains the research methodology and comprises requirement specification, analysis and design. It also contains UML (Unified Modelling Language) diagrams that describe how the system works.
Chapter four: Contains the implementation procedure, which consists of screenshots of the results and a detailed discussion of how each component of the system works.
Chapter five: Concludes the work and proffers recommendations.