DDoS attack and propose to develop a new system that can


In this assignment we are going to take a closer look at the characteristics of incoming packets and their arrival rates that make up a DDoS attack, and propose to develop a new system that can categorize clients into three modes (DEFAULT MODE, TRUSTED MODE, UNTRUSTED MODE) in order to distinguish legitimate traffic from attack traffic.

Before we categorize a user as a potential threat for querying the server too much (exceeding the number of attempts to connect to the server during a reasonable period of time), we have to analyze the data and set thresholds for:

– the number of attempts to connect to the server and the reasonable time for that number;
– the number of clients who turn to UNTRUSTED MODE which is considered a DDoS attack, and the reasonable time for that number;
– the reasonable time to stay in UNTRUSTED MODE;
– the reasonable time to stay in TRUSTED MODE.

If a reasonable number of clients turn to UNTRUSTED MODE during a reasonable period of time, the system can detect that there is a true DDoS attack.

We propose to create an entirely new system that can categorize clients into three modes (DEFAULT MODE, TRUSTED MODE, UNTRUSTED MODE). When a client tries to connect to the server for the first time, the system puts that client directly into DEFAULT MODE; the client is allowed through the firewall to the server and its traffic is considered legitimate unless it exceeds the number of attempts to connect to the server during a reasonable period of time. If a particular client does exceed that number of attempts, which we will set after we have acquired more data for appropriate suspensions, our system attempts to reach (ping) the client and waits for a response (this is to avoid any potential spoofed IP addresses during an attack).
Then we can evaluate the situation as follows:

– If there is no reply from that particular IP address, our system will consider it a spoofed IP address and turn it directly to UNTRUSTED MODE, and it will not be allowed through the firewall to the server.
– If there is a reply from that particular IP address, the system will send a verification code to that client. If the client successfully completes the verification process, it is considered a legitimate user and the system turns it to TRUSTED MODE for a reasonable period of time. That client is then allowed through the firewall to the server and its traffic is considered legitimate. If the client does not succeed in the verification process, it is considered an illegitimate user and the system turns it to UNTRUSTED MODE for a reasonable period of time. It is then not allowed through the firewall to the server and its traffic is considered illegitimate.

We will have to analyze the previous data to find appropriate rates before we categorize a user as a potential threat for querying the server too much, at a rate that is considered a potential threat.

If a reasonable number of clients turn to UNTRUSTED MODE during a reasonable period of time, the system can detect that there is a true DDoS attack. In this case, the system tries to ping any IP address that attempts to connect to the server, even if that IP address does not exceed the number of reasonable attempts, to avoid any potential spoofed IP addresses with a low arrival rate. If the ping succeeds, the system turns that client directly to DEFAULT MODE and it is allowed through the firewall to the server. Its traffic is then considered legitimate unless it exceeds the number of attempts to connect to the server during a reasonable period of time.

Notes:

– In your experiment you have to consider three clients and one server.
– Your system should be able to extract the client's IP address and put that client in DEFAULT MODE if the client tries to connect to the server for the first time.
– Before you start programming, you have to analyze the arrival rate from a particular client to the server and set up a reasonable threshold. If the client exceeds it, your system should be able to ping that client; then, if there is a reply from that client, your system should be able to send a verification code to the client. If that client successfully completes the verification process, it is considered a legitimate user and your system turns it to TRUSTED MODE for a reasonable period of time. If the client does not succeed in the verification process, it is considered an illegitimate user and your system turns it to UNTRUSTED MODE for a reasonable period of time.
– If a reasonable number of clients turn to UNTRUSTED MODE during a reasonable period of time, your system should be able to detect that there is a true DDoS attack and deal with it.
– Use Python.
– You should submit 4 pages for (the arrival rate analysis, each reasonable period of time analysis, the analysis of the reasonable number of clients that, when they turn to UNTRUSTED MODE, lets your system detect that there is a true DDoS attack) + the code.
– You should present your experiment in class.
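
The mode transitions described above can be expressed as a small state machine that the firewall consults on every connection attempt. The following Python is an added example, not part of the original assignment text; the class name `ModeTracker`, the injected `ping` and `verify` callables, and every threshold default are assumptions standing in for the values the arrival-rate analysis would supply. It also assumes that an expired TRUSTED or UNTRUSTED period returns the client to DEFAULT, and that a failed ping during a detected attack sends the client to UNTRUSTED.

```python
import time
from collections import defaultdict, deque

DEFAULT, TRUSTED, UNTRUSTED = "DEFAULT", "TRUSTED", "UNTRUSTED"

class ModeTracker:
    """Three-mode client classifier; all threshold defaults are assumed placeholders."""

    def __init__(self, ping, verify, clock=time.monotonic, max_attempts=5,
                 attempt_window=10.0, trusted_ttl=300.0, untrusted_ttl=600.0,
                 ddos_clients=2, ddos_window=60.0):
        self.ping, self.verify, self.clock = ping, verify, clock
        self.max_attempts, self.attempt_window = max_attempts, attempt_window
        self.ttl = {TRUSTED: trusted_ttl, UNTRUSTED: untrusted_ttl}
        self.ddos_clients, self.ddos_window = ddos_clients, ddos_window
        self.attempts = defaultdict(deque)  # ip -> timestamps of recent attempts
        self.modes = {}                     # ip -> (mode, time the mode was set)

    def mode_of(self, ip):
        mode, since = self.modes.get(ip, (DEFAULT, 0.0))
        live = mode != DEFAULT and self.clock() < since + self.ttl[mode]
        return mode if live else DEFAULT    # assumed: expired period -> DEFAULT

    def under_attack(self):
        # Count clients that turned UNTRUSTED inside the detection window.
        cutoff = self.clock() - self.ddos_window
        recent = [m for m, t in self.modes.values() if m == UNTRUSTED and t >= cutoff]
        return len(recent) >= self.ddos_clients

    def _set(self, ip, mode):
        self.modes[ip] = (mode, self.clock())
        self.attempts.pop(ip, None)         # restart rate counting after a verdict
        return mode == TRUSTED              # of the two verdicts, only TRUSTED passes

    def on_connect(self, ip):
        """Return True if the firewall should pass this connection attempt."""
        mode = self.mode_of(ip)
        if mode != DEFAULT:
            return mode == TRUSTED
        # During a detected attack, ping every DEFAULT client; no reply -> UNTRUSTED (assumed).
        if self.under_attack() and not self.ping(ip):
            return self._set(ip, UNTRUSTED)
        now, q = self.clock(), self.attempts[ip]
        q.append(now)
        while now - q[0] > self.attempt_window:  # slide the rate window
            q.popleft()
        if len(q) <= self.max_attempts:
            return True
        # Threshold exceeded: no ping reply means spoofed, otherwise verify.
        passed = self.ping(ip) and self.verify(ip)
        return self._set(ip, TRUSTED if passed else UNTRUSTED)
```

In the three-client experiment, `ping` would wrap an ICMP echo to the client and `verify` the verification-code exchange; injecting them, together with `clock`, lets the thresholds be tested against recorded arrival times without network access.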
