This chapter introduces the project. It presents the background of the research, the statement of the problem, the motivation, the project aim and objectives, and the contribution to knowledge, and it gives an overview of the structure of the project report.
1.1 BACKGROUND OF THE STUDY
A Denial-of-Service (DoS) attack is a network attack from a single machine that attempts to prevent the victim, the targeted machine, from communicating with other devices on the network or from performing its normal tasks (DiMarco, 2012). The extension of these attacks to many cooperating malicious machines became known as Distributed Denial-of-Service (DDoS) attacks. DDoS attacks place an immense strain both on the victim and on the devices along the paths used to reach the victim (DiMarco, 2012).
According to Manickam (2014), the first well-documented DoS attacks occurred in 1974. These attacks were devised by hackers to disrupt communication between a client and a server. They are directed against a victim machine, but can lead to other machines being affected. Depending on the attack, the victim could fail to provide a single service or fail to provide any network connectivity at all.
One of the major challenges in securing high-speed networks is that suspicious anomalies in network traffic patterns are difficult to detect, and an unmonitored machine becomes more vulnerable to attack over time (Redhwan, 2014). A DDoS attack differs from a DoS attack only in method: a DoS attack is launched from a single system or network, while a DDoS attack is coordinated to occur simultaneously from a large number of systems or networks.
An attacker begins a DDoS attack by exploiting a vulnerability in a computer system and making it the DDoS “master”. From the master system, the intruder identifies and communicates with other systems that can also be compromised, and loads DDoS attack tools onto them. The intruder can then instruct the controlled machines to launch one of many flood attacks against a specified target; the resulting inundation of packets causes the denial of service (Cai and Hembroff, 2006). Some DDoS attacks use Internet worms to automate the exploitation and compromise of computer systems as well as the launching of the attack itself.
Attackers use spoofed source addresses to hide their identity and location in DDoS attacks. Some service providers perform ingress filtering, checking that packets entering their access routers carry source addresses that are valid for the interface on which they arrive, but this is not completely effective: it only protects anyone if the provider at the bot’s network edge deploys it, and a bot can still spoof any address within its own provider’s assigned range. Traceback mechanisms attempt to identify the true source of the attack traffic so that the attack can be stopped at the point nearest to its source, reducing the waste of network resources and helping to establish the attackers’ identities (Meena and Trivedi, 2012).
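As an added illustration (not part of the original report), the following Python sketch shows the ingress-filtering check described above and why it is only partly effective. The interface names, customer prefixes and packet records are constructed for the example; a real access router would apply the equivalent rule in its forwarding plane.

```python
"""Ingress (source-address) filtering at an access router.

Added example, not code from the original report. The interface names,
customer prefixes and packet records below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Assumed router configuration: the source prefixes legitimately reachable
# behind each customer-facing interface. A packet arriving on an interface
# with a source outside its prefixes is treated as spoofed.
CUSTOMER_PREFIXES = {
    "ge-0/0/1": [ipaddress.ip_network("203.0.113.0/24"),
                 ipaddress.ip_network("2001:db8:1::/48")],
    "ge-0/0/2": [ipaddress.ip_network("198.51.100.0/26")],
}


@dataclass(frozen=True)
class Packet:
    ingress_if: str   # interface the packet arrived on
    src: str          # source address (IPv4 or IPv6)
    dst: str          # destination address
    flags: str        # TCP flags, e.g. "S" for a bare SYN


def source_is_valid(pkt: Packet) -> bool:
    """True if pkt.src lies inside a prefix assigned to its ingress interface.

    `ip_address(...) in ip_network(...)` is False across address families, so a
    v6 source can never match a v4 prefix and vice versa.
    """
    src = ipaddress.ip_address(pkt.src)
    return any(src in net for net in CUSTOMER_PREFIXES.get(pkt.ingress_if, []))


def ingress_filter(packets):
    """Split packets into (forwarded, dropped) according to the ingress rule."""
    forwarded, dropped = [], []
    for p in packets:
        (forwarded if source_is_valid(p) else dropped).append(p)
    return forwarded, dropped


# Constructed traffic arriving on the customer interfaces.
SAMPLE = [
    Packet("ge-0/0/1", "203.0.113.7", "192.0.2.10", "S"),           # genuine customer host
    Packet("ge-0/0/1", "2001:db8:1::5", "2001:db8:ffff::10", "S"),  # genuine IPv6 customer host
    Packet("ge-0/0/1", "192.0.2.99", "192.0.2.10", "S"),            # spoofed foreign source: dropped
    Packet("ge-0/0/1", "203.0.113.200", "192.0.2.10", "S"),         # spoofed, but inside the customer block: passes
    Packet("ge-0/0/2", "203.0.113.7", "192.0.2.10", "S"),           # valid prefix on the wrong interface: dropped
]

if __name__ == "__main__":
    fwd, drop = ingress_filter(SAMPLE)
    print("forwarded:", [p.src for p in fwd])
    print("dropped:  ", [p.src for p in drop])
```

The fourth record is the limitation: ingress filtering only confines a spoofer to its own provider’s address block, and it protects nobody unless the provider at the bot’s edge actually deploys it, which is why the traceback work cited above still matters.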
Nowadays, many companies and governments require a secure system and an accurate Intrusion Detection System (IDS) to defend their network services and their users’ private information. Kato and Klyuev (2014), in further research on network security, describe DDoS attacks as jamming the target’s network service by using multiple bots hijacked by crackers to send numerous packets to the target server.
The servers of many companies and governments have been victims of such attacks. Detecting the crackers behind them is extremely difficult, because the attackers only issue a command to the bots from another network and then abandon the bots quickly once the command has executed.
In general, detection is required before a DDoS attack spreads. DDoS detection is often part of a wider intrusion detection system (IDS). IDSs can be classified by the audit source location as host-based, network-based, or a combination of both. A host-based IDS is usually located on a single host, while a network-based IDS is usually located on a machine separate from the hosts it protects. Hybrid intrusion detection systems combine both network- and host-based approaches (Alenezi and Reed, 2012).
There are two general forms of DoS attack: those that crash services and those that flood services. DoS attacks are carried out either by forcing the targeted computer to reset, by consuming its resources so that it can no longer provide its intended service, or by obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately (Silica Kole, 2013).
1.2 STATEMENT OF THE PROBLEM
Firstly, with relatively immature network infrastructure, many network operators lack the ability to inspect network traffic well enough to distinguish DDoS attacks from harmless traffic. Secondly, gateways that link IPv4 and IPv6 must store a great deal of state about the traffic they handle, and that makes them weaker and easier to break. Diverse challenges have been encountered in the network environment, where attackers spoof source IP addresses and send out an indefinite quantity of attack packets, far above the normal size or magnitude of traffic for the address space, which consumes bandwidth, memory, CPU cycles and any other resource necessary for normal operation. Because IP occupies such a relatively small space, Internet security implementations are not taken into full consideration. This leaves many networks vulnerable to various DDoS attacks, and DDoS attacks such as the SYN flood have posed a significant threat to IP networks.
Various algorithms and models have been used to address this problem. It is very important to develop a system capable of detecting various forms of attack on IP networks. Neural networks have effective learning algorithms and have been introduced as an alternative for automating the development and tuning of fuzzy systems. Neural networks bring their computational ability to learn into fuzzy systems, and receive from them the interpretability and clarity of system representation. This project work makes use of such a neuro-fuzzy model and algorithm to address these situations.
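To make the SYN-flood problem concrete, here is an added Python example (not part of the original report) that extracts per-destination handshake features over a time window for both IPv4 and IPv6 traffic and applies a simple threshold rule to them. The packet records are constructed; the window length, thresholds and feature set are assumptions for illustration rather than the report’s own detector, although features of this kind are what a learned model such as an ANFIS could take as inputs.

```python
"""TCP SYN-flood features over a time window, for IPv4 and IPv6 destinations.

Added example, not from the original report. The packet records, window
length, thresholds and feature set are constructed/assumed for illustration.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    ts: float     # capture time in seconds
    src: str      # source address
    dst: str      # destination address
    flags: str    # TCP flags: "S" = SYN, "SA" = SYN-ACK, "A" = ACK


def address_family(addr: str) -> str:
    return "IPv6" if ipaddress.ip_address(addr).version == 6 else "IPv4"


def syn_features(packets, window):
    """Per (server address, family) within `window` seconds of the first packet:
    SYNs received, SYN-ACKs sent, distinct SYN sources, handshakes completed
    (a source that sent a SYN and later an ACK), and the half-open ratio."""
    per_dst = defaultdict(lambda: {"syn": 0, "synack": 0,
                                   "syn_srcs": set(), "ack_srcs": set()})
    start = min(p.ts for p in packets)
    for p in packets:
        if p.ts - start > window:
            continue
        if p.flags == "S":                              # client -> server SYN
            d = per_dst[(p.dst, address_family(p.dst))]
            d["syn"] += 1
            d["syn_srcs"].add(p.src)
        elif p.flags == "SA":                           # server -> client SYN-ACK
            per_dst[(p.src, address_family(p.src))]["synack"] += 1
        elif "A" in p.flags:                            # client -> server ACK (third step)
            per_dst[(p.dst, address_family(p.dst))]["ack_srcs"].add(p.src)
    feats = {}
    for key, d in per_dst.items():
        distinct = len(d["syn_srcs"])
        completed = len(d["syn_srcs"] & d["ack_srcs"])
        feats[key] = {
            "syn": d["syn"],
            "synack": d["synack"],
            "distinct_srcs": distinct,
            "completed": completed,
            "half_open_ratio": (distinct - completed) / distinct if distinct else 0.0,
        }
    return feats


def classify(feats, syn_threshold=20, half_open_threshold=0.8):
    """Flag a server as flooded when many SYNs arrive in the window and most
    sources never complete the handshake. The thresholds are assumptions for
    this toy trace; a learned model would replace this fixed rule."""
    return {key: f["syn"] >= syn_threshold and f["half_open_ratio"] >= half_open_threshold
            for key, f in feats.items()}


def constructed_traffic():
    """Constructed capture: three IPv4 clients complete normal handshakes with
    192.0.2.10, while 40 spoofed IPv6 sources each send one SYN to
    2001:db8::10; its SYN-ACKs go unanswered, so no handshake completes."""
    pkts = []
    for i, src in enumerate(["198.51.100.1", "198.51.100.2", "198.51.100.3"]):
        t = i * 0.1
        pkts += [Pkt(t, src, "192.0.2.10", "S"),
                 Pkt(t + 0.01, "192.0.2.10", src, "SA"),
                 Pkt(t + 0.02, src, "192.0.2.10", "A")]
    for i in range(40):
        src = f"2001:db8:dead::{i + 1:x}"
        t = 0.5 + i * 0.001
        pkts += [Pkt(t, src, "2001:db8::10", "S"),
                 Pkt(t + 0.0005, "2001:db8::10", src, "SA")]
    return pkts


if __name__ == "__main__":
    feats = syn_features(constructed_traffic(), window=1.0)
    verdict = classify(feats)
    for key in feats:
        print(key, feats[key], "SYN FLOOD" if verdict[key] else "normal")
```

The half-open ratio is the feature that separates the two servers here: the IPv4 server sees every SYN followed by an ACK, while the IPv6 server answers 40 SYN-ACKs that never come back, which is exactly the state exhaustion a SYN flood relies on. Keying the statistics by address family is what lets the same code compare IPv4 and IPv6 behaviour side by side.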
1.3 MOTIVATION
The motivations for this research study are:
1.4 AIM AND OBJECTIVES
The aim of the project is to simulate TCP SYN flooding DDoS attacks on IPv4 and IPv6 and to detect them using an ANFIS (Adaptive Neuro-Fuzzy Inference System) model and neuro-fuzzy learning algorithm, and to compare the detection performance on the two protocols.
OBJECTIVES
1.5 CONTRIBUTION TO KNOWLEDGE
This research work will use the proposed system to assist with the prompt and accurate detection of DDoS attacks on IPv4 and IPv6, so as to compare detection performance across the two kinds of network traffic and to deduce the more suitable protocol for a particular network.
1.6 PROJECT ARRANGEMENT
Chapter one: introduces the project; it comprises the background, statement of the problem, motivation, project aim and objectives, project methodology, contribution to knowledge, and definitions of some terms used.
Chapter two: contains an extensive literature review of various DDoS attacks, providing in-depth knowledge of how to mitigate the various forms of attack.
Chapter three: contains the research methodology, comprising requirement specification, analysis and design, together with UML (Unified Modelling Language) diagrams that describe how the system works.
Chapter four: contains the implementation, consisting of screenshots of the results and a detailed discussion of how each component of the system works.
Chapter five: concludes the work and offers recommendations.