ABSTRACT

Distributed Denial of Service (DDoS) attacks are threats not only for the direct targets but

also for the core of a network. These attacks can be so powerful that they can easily

deplete the computing resources or bandwidth of the potential targets, by flooding

packets on the intended server. They are also hard to detect in advance, hence methods to

deal with them need to be proactive, but several researchers used reactive methods to deal

with DDoS attacks. Building on an existing work which used SHA1 hashing method to

encapsulate token, a proactive method was enhanced known as Enhanced Cluster Based

(E-CluB) proactive framework used to improve on the distribution control aspects. The

E-CluB aims at mitigating DDoS attacks by keeping the network performance

degradation as little as possible using virtual machines to launch the DDoS attack using

the Kali Linux Operating System. E-CluB also used Open Shortest Path First (OSPF) as

its routing policy in the anycast network, including contemporary datagram options. The

granularity of the existing system used 100% of its routers as the checking routers and the

proposed system used 1% and achieved a better granularity control with respect to the

efficiency filtering in the E-CluB. The proposed and existing systems were compared

based on latency of transmission, granularity control and filtering efficiency of DDoS

attacks using the wireshark analyzer and an improvement of 41.2% was achieved.

CHAPTER ONE: INTRODUCTION

In this chapter, we introduce the background to the study, problem statement, motivation,

aim and objectives, research methodology, expected contribution to knowledge and the

organization of the dissertation.

1.1 Background to the Study

Computer Networking is considered a branch in Computer Science, Electrical

Engineering, Information Technology or Computer Engineering as they all rely on both

practical and theoretical aspect of Network application in our society today. Computer

Networks were originally developed to connect number of devices through wires so that

devices can share some information and data with each other, but with the increase in the

number of entities which needs network access and are not physically attached to any

wired network, then the wireless network was developed to serve. These wireless

networks are computer network that utilizes wireless connection network. There are two

categories of wireless network namely:

a. Infrastructure Network

b. Infrastructure-less Network

Infrastructure Network are networks that contains fixed and wired gateways and the

Infrastructure-less Network are networks that contains multi-hop wireless nodes and it

has no fixed infrastructure (Kaur and Kaur, 2013).

Routing is the process of transferring a packet from source to its destination. In a routing

process, the wireless sensor node will search for a path or route to communicate with the

other nodes in the network. Protocols are set of activities or rules through which two or

more devices communicate with each other. Routing is also the process of selecting best

path in a network; it could also mean forwarding of network. It is performed in many

1

kinds of network which includes Circuit Switching and Packet Switching. Some Routing

schemes used in delivering semantics are: (Kaur and Kaur, 2013)

a. Unicast – it delivers to a single node

b. Anycast – it delivers to many of a group node

c. Multicast – delivers to a group of nodes

Anycast is a method used to advertise one IP address from multiple points in the network

topology, and with the help of dynamic routing method, the traffic is delivered to the

nearest point. Anycast is a technique used to deliver packet to the closest in a group

(Patridge et al., 1993).

Figure 1.1: Anycast Network Topology (data:image/anycast-dns1.jpg)

A Denial of Service (DoS) attack is an attempt by the adversary to prevent the legitimate

users of a service from using that service. Generally speaking, any attack that can saturate

or exhaust system resources or get the system into fault status or sometimes even crashes

should be identified as a DoS attack. DoS problems are not new, as they have been there

for more than 20 years and keep evolving over time. The first well-known DoS is the

Morris Worm which is an Internet worm developed by a graduate student (Zhang, 2012).

2

Nowadays, DoS attacks are usually launched in a distributed way: the attack traffic is

from many attacking sources and the aggregated traffic volu