An improved agent-based adaptive protection model for distributed denial of service flooding attack and flash crowd flooding traffic

Bibliographic Details
Main Author: Ahmed Khalaf, Bashar
Format: Thesis
Language: English
Published: 2019
Subjects:
Online Access: http://eprints.uthm.edu.my/475/
http://eprints.uthm.edu.my/475/1/24p%20BASHAR%20AHMED%20KHALAF.pdf
http://eprints.uthm.edu.my/475/2/BASHAR%20AHMED%20KHALAF%20COPYRIGHT%20DECLARATION.pdf
http://eprints.uthm.edu.my/475/3/BASHAR%20AHMED%20KHALAF%20WATERMARK.pdf
_version_ 1848887204779130880
author Ahmed Khalaf, Bashar
building UTHM Institutional Repository
collection Online Access
description Distributed Denial of Service (DDoS) attacks have recently become a serious threat to network security. The growth of Internet technology has brought with it the threat of DDoS attacks against a variety of services and applications that use the Internet. Firms can incur huge financial losses even if services are disrupted only briefly. Similar to a DDoS attack is Flash Crowd (FC) flooding traffic, in which a particular service is accessed by many legitimate users concurrently, resulting in denial of service. Both events overload network resources, consuming the CPU, available bandwidth, and memory needed by legitimate users, and thereby limit accessibility. To address this issue, this thesis proposes an adaptive agent-based protection model, Adaptive Protection of Flooding Attacks (APFA), specific to DDoS attacks and FC flooding traffic. The APFA model aims to protect the Network Application Layer (NAL) against such attacks. It consists of analysis, detection, decision and filter modules. The main contribution of this work is the decision module, which employs a software agent to adapt to and recognize DDoS attacks (Demons and Zombies) and FC flooding traffic. The agent is equipped with three analysis functions that operate on three parameters: normal traffic intensity, traffic attack behavior, and IP address history log. The agent reacts to each of these attacks with different types of filtering actions as required. The APFA model was implemented and tested by applying different attack scenarios using the CIDDS standard dataset. In testing, the APFA model achieves an accuracy of 99.64%, a precision of 99.62% and a sensitivity of 99.96%. These results outperform similar models in the related work, and the adaptive agent is able to distinguish between demons and zombies of the DDoS attacks with a high accuracy of 99.91%.
first_indexed 2025-11-15T19:50:41Z
format Thesis
id uthm-475
institution Universiti Tun Hussein Onn Malaysia
institution_category Local University
language English
last_indexed 2025-11-15T19:50:41Z
publishDate 2019
recordtype eprints
repository_type Digital Repository
spelling uthm-475 2021-07-25T07:01:02Z http://eprints.uthm.edu.my/475/ 2019-10 Thesis NonPeerReviewed Ahmed Khalaf, Bashar (2019) An improved agent-based adaptive protection model for distributed denial of service flooding attack and flash crowd flooding traffic. Masters thesis, Universiti Tun Hussein Onn Malaysia.
title An improved agent-based adaptive protection model for distributed denial of service flooding attack and flash crowd flooding traffic
topic HF Commerce
HF5001-6182 Business