Performance analysis of defense mechanisms against UDP flood attacks
Citation: Treseangrat, K. (2014). Performance analysis of defense mechanisms against UDP flood attacks. An unpublished thesis submitted in partial fulfilment of the requirements for the degree of Master of Computing. Unitec Institute of Technology.
Permanent link to Research Bank record: http://hdl.handle.net/10652/2523
A Distributed Denial of Service (DDoS) attack remains one of the most common and devastating security threats to the Internet. The main purpose of an attack is to disable the use of services on the Internet or the victim network by sending a large number of IP packets to the targeted system. Since no single solution for a DDoS attack has been found, these attacks have managed to prevail on the Internet for a decade. Therefore, it is necessary and important to evaluate such an attack in a real testbed environment to find the most suitable defense mechanism. In this thesis, the different types of DDoS attacks are discussed, followed by a focus on UDP flood attacks. Tests were conducted and new results obtained on the impact of a UDP flood attack on computers using the latest versions of Windows and Linux platforms, e.g., Windows Server 2012, Windows 8, and Linux Ubuntu 13. This research also produced new evaluation results on various defense mechanisms such as Network Load Balancing, Software Firewall, Access Control Lists, Threshold Limit, Hybrid Method, and IP Verify. Unlike simulation studies, this project lays down the steps involved in implementing the attack in a real testbed environment. In this study, the victim network is based on an Intranet network environment that provides several services (e.g., a web service and file transfer service) to legitimate clients. An attacker in the testbed, on the other hand, launches the attack from outside the local subnet. Several metrics such as round-trip time (RTT), user throughput, packet loss, and CPU utilization of the victim computer were gathered in order to investigate the impact of an attack.

The study found that Linux Ubuntu 13 withstood UDP flood attacks better than Windows Server 2012, while the Hybrid Method and Threshold Limit were the most effective defenses against UDP flood attacks for both Windows and Linux platforms. Both defenses significantly increased throughput and reduced the RTT, packet loss, and CPU utilization of a victim computer. On the other hand, the Software Firewall was the least effective defense in all studies.