Prof Bill Buchanan B.Buchanan@napier.ac.uk
Professor
A methodology to evaluate rate-based intrusion prevention system against distributed denial-of-service (DDoS).
Buchanan, William J; Flandrin, Flavien; Macfarlane, Richard; Graves, Jamie
Authors
Flavien Flandrin
Rich Macfarlane R.Macfarlane@napier.ac.uk
Associate Professor
Jamie Graves
Abstract
This paper defines a methodology for the evaluation of a Rate-based Intrusion Prevention System (IPS) for a Distributed Denial of Service (DDoS) threat. This evaluation system uses realistic background traffic along with attacking traffic, with four different DDoS attacks. The evaluation metrics are defined using Snort for: rate of packet loss; time to respond; available bandwidth; latency; reliability; CPU loading; and memory usage. The results show that system is effective in handling a low-throughput DDoS attack, but when a rate of 6 000 pps of malicious traffic is reached, Snort starts to drop malicious and legitimate packets, in at the same rate of loss. It also shows that the IPS operates well up to traffic throughputs up to 1Mbps.
Citation
Buchanan, W. J., Flandrin, F., Macfarlane, R., & Graves, J. (2011). A methodology to evaluate rate-based intrusion prevention system against distributed denial-of-service (DDoS). In Cyberforensics 2011
| Conference Name | Cyberforensics 2011 |
|---|---|
| Start Date | Jun 27, 2011 |
| End Date | Jun 28, 2011 |
| Publication Date | 2011 |
| Deposit Date | May 27, 2011 |
| Publicly Available Date | Dec 31, 2011 |
| Peer Reviewed | Peer Reviewed |
| Book Title | Cyberforensics 2011 |
| Keywords | Rate-based Intrusion Prevention System; Distributed Denial of Service; evaluation metrics; |
| Public URL | http://researchrepository.napier.ac.uk/id/eprint/4432 |
| Contract Date | May 27, 2011 |
Files
Buchanan2.pdf
(776 Kb)
PDF
Publisher Licence URL
http://creativecommons.org/licenses/by-nc/4.0/
You might also like
Approaches to the classification of high entropy file fragments.
(2013)
Journal Article
Formal security policy implementations in network firewalls.
(2011)
Journal Article
Evaluation of the DFET Cloud.
(2015)
Presentation / Conference Contribution
Teaching penetration and malware analysis in a cloud-based environment.
(2015)
Presentation / Conference Contribution
Downloadable Citations
About Edinburgh Napier Research Repository
Administrator e-mail: repository@napier.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search