INSPIRING FUTURES

A methodology to evaluate rate-based intrusion prevention system against distributed denial-of-service (DDoS).

Buchanan, William J, Flandrin, Flavien, Macfarlane, Richard and Graves, Jamie (2011) A methodology to evaluate rate-based intrusion prevention system against distributed denial-of-service (DDoS). In: Cyberforensics 2011, 27th -28th June 2011, University of Strathclyde, Glasgow.

[img]
Preview
PDF
Buchanan2.pdf
Available under License Creative Commons Attribution Non-commercial.

Download (775kB)

Abstract/Description

This paper defines a methodology for the evaluation of a Rate-based Intrusion Prevention System (IPS) for a Distributed Denial of Service (DDoS) threat. This evaluation system uses realistic background traffic along with attacking traffic, with four different DDoS attacks. The evaluation metrics are defined using Snort for: rate of packet loss; time to respond; available bandwidth; latency; reliability; CPU loading; and memory usage. The results show that system is effective in handling a low-throughput DDoS attack, but when a rate of 6 000 pps of malicious traffic is reached, Snort starts to drop malicious and legitimate packets, in at the same rate of loss. It also shows that the IPS operates well up to traffic throughputs up to 1Mbps.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Keywords: Rate-based Intrusion Prevention System; Distributed Denial of Service; evaluation metrics;
University Divisions/Research Centres: Edinburgh Napier University, Institute for Informatics and Digital Innovation
Dewey Decimal Subjects: 000 Computer science, information & general works > 000 Computer science, knowledge & systems > 006 Special Computer Methods
Library of Congress Subjects: Q Science > QA Mathematics > QA76 Computer software
Item ID: 4432
Depositing User: Computing Research
Date Deposited: 27 May 2011 13:15
Last Modified: 27 May 2011 13:15
URI: http://researchrepository.napier.ac.uk/id/eprint/4432

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics

Edinburgh Napier University is a registered Scottish charity. Registration number SC018373