Edinburgh Napier University

  Distributed Denial-of-Service (DDoS) attacks against corporate networks and assets are increasing, and their potential risk for future attacks is also a major concern. These attacks typically aim at disabling computer network infrastructure, and, since there is no one method to mitigate this type of threat, organisations must deploy adequate solutions, and assess the adequacy of their choices against their network requirements, through analysis, such as a simulation, or through network device modelling. A key factor is that DDoS is a dynamic type of attack, and thus device performance is a key parameter, especially for intermediate devices, such as network firewalls. Most of the modelling, though, for firewalls is focusing on static and logical performance attributes, such as whether traffic is denied or permitted. Thus existing models typically cannot deal with dynamic issues when related to intermediate devices. Simulation tools might be possible, but it is often difficult to cover a whole range of devices, thus this paper outlines a novel method of modelling the dynamic performance of network firewalls, and in measuring if they can cope with varying network loads.