A Tool to Mitigate Denial of Service Attacks on Wired Networks  
  Authors : George Kyambadde; John Ngubiri

 

Presently, several institutions share information, resources, and files over computer networks. Network environments are susceptible to various security risks, including computer viruses, Trojans, and other malware, which make networks inefficient by exhausting bandwidth and computing resources. Ultimately, compromised networks and servers become unavailable to legitimate users. Such a security problem is called a Denial-of-Service (DoS) attack. It is imperative to mitigate DoS attacks immediately. This study presents a tool, based on a packet filtering approach, for mitigating flooding attacks. It was an experimental study conducted in an environment similar to the production environment of the project case study. The developed prototype consists of mitigation and tracking modules. To evaluate the responsiveness of the proposed system, its performance was compared with that of Uncomplicated Firewall (ufw), the default Ubuntu firewall; the firewall and the proposed system were tested independently but in similar environments. Results indicated that the prototype system ably mitigated the DoS flooding attacks (UDP and ICMP flooding attacks) and also responded somewhat faster than the standard Ubuntu firewall.

 

Published In : IJCAT Journal Volume 5, Issue 9

Date of Publication : September 2018

Pages : 102-107

Figures : 08

Tables : --

Publication Link : A Tool to Mitigate Denial of Service Attacks on Wired Networks


George Kyambadde : received a BSc in Computer Science from Makerere University in 2012 and an MSc in Computer Science from Makerere University in 2017. He is currently working as a Lecturer at the School of Business and Applied Technology, Clarke International University. His current research interests include security and machine learning.

John Ngubiri : is a Senior Lecturer at the Department of Computer Science, College of Computing and Information Science, Makerere University. He holds a PhD in Computer Science from Radboud University Nijmegen. His research interests are in performance evaluation, system optimization, security, and parallel and distributed systems.


Keywords : UDP flooding attack, ICMP flooding attack, Mitigation, Firewall


In this study, we designed and implemented a prototype system capable of automatically executing appropriate mitigation responses. The prototype has an update_deamon module that makes decisions based on an earlier action taken on related packets. This module allows the prototype to respond somewhat faster than the standard Ubuntu firewall, as shown in the results section above; ultimately, the prototype presents a more effective solution to the problem of DoS flooding attacks, specifically on wired networks.

