Study of Denial-of-Service attack in packet switching network models
The Packet Switching Network (PSN) is the main technology of data communication networks; the best-known example of this type of network is the Internet. A Denial-of-Service (DoS) attack is a type of network attack whose aim is to make a computer resource unavailable to its intended users. The most common implementation of DoS is the distributed DoS (DDoS) attack. The attack is "distributed" because the attacker carries it out by means of multiple computers, located at various network nodes and called "zombies", which are almost always controlled without the knowledge of their legitimate owners. In this thesis we study DDoS attacks on a PSN model of the Network Layer of the 7-Layer OSI Reference Model. The PSN model and its C++ simulator Netzwerk© were designed and developed by Dr. Lawniczak and her collaborators and are described in detail in , , , . To study DDoS attacks we modified the PSN model and the Netzwerk© simulator as part of this thesis; Appendix A provides details of the Netzwerk© simulator modifications made to carry out the DDoS attack simulations. Using the simulation results and MATLAB© software, we study how DDoS attacks affect network performance indicators such as Average Reduced Number of Packets in Transit (ARNPT), Average Delay Time of Packets Delivered (ADTPD), Throughput and Entropy. We also study the spatio-temporal dynamics of our PSN model for its various setups without and under DDoS attacks. We find that a DDoS attack severely affects network performance and the network's spatio-temporal dynamics when static routing is adopted. With dynamic routing, a few attackers do not significantly affect the network performance indicators or the spatio-temporal dynamics when the normal traffic load of the network is rather low. However, the attacks do increase the total amount of traffic in our PSN model regardless of the normal traffic load.
Additionally, our simulations show that DDoS attacks may significantly affect the patterns of packet traffic in networks with connection topologies similar to the Manhattan connection topology that use adaptive routing. They show that packet traffic may self-organize into a regular pattern and that this self-organization may be enhanced by DDoS attacks. Our study shows that the "network wide information entropy" of packet traffic monitored at selected network nodes may provide a viable method for early detection of DDoS attacks. We present various simulation results and their analysis, and we outline potential future work arising from this thesis. We hope that our study contributes to a better understanding of network behaviour during a DDoS attack, and thus to early detection of and defense against DDoS attacks.
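The entropy-based early-detection idea above can be illustrated outside the Netzwerk© simulator. The following is an added example, not code from the thesis or from Netzwerk©/MATLAB©: it builds a small 4x4 Manhattan-style grid with a static x-then-y routing, lets a few "zombie" nodes flood one victim, and computes the Shannon entropy of the destination addresses of packets seen at selected monitored nodes. The grid size, the monitored nodes, the attacker and victim positions, the traffic volumes and the choice of "entropy of observed destination addresses" as the monitored quantity are all assumptions made for this example; a detection threshold is derived from baseline (attack-free) windows as mean minus k standard deviations.

```python
import math
import random

# Assumed topology: a 4x4 Manhattan-style grid, nodes addressed as (x, y).
GRID = 4
NODES = [(x, y) for x in range(GRID) for y in range(GRID)]


def shannon_entropy(counts):
    """Shannon entropy (bits) of the empirical distribution behind a {key: count} map."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in counts.values() if c > 0)


def static_path(src, dst):
    """Static routing: move along x first, then along y. Returns the list of nodes visited."""
    path = [src]
    x, y = src
    while x != dst[0]:
        x += 1 if dst[0] > x else -1
        path.append((x, y))
    while y != dst[1]:
        y += 1 if dst[1] > y else -1
        path.append((x, y))
    return path


def generate_window(rng, normal_packets, attackers=(), victim=None, attack_packets=0):
    """Constructed traffic for one observation window: (src, dst) pairs.

    Normal traffic picks source and destination uniformly; attack traffic is sent by
    the attacker nodes ("zombies") to a single victim node.
    """
    packets = [(rng.choice(NODES), rng.choice(NODES)) for _ in range(normal_packets)]
    for _ in range(attack_packets):
        packets.append((rng.choice(list(attackers)), victim))
    return packets


def destination_entropy(packets, monitored):
    """Entropy of destination addresses over the packets that traverse a monitored node."""
    counts = {}
    for src, dst in packets:
        if any(hop in monitored for hop in static_path(src, dst)):
            counts[dst] = counts.get(dst, 0) + 1
    return shannon_entropy(counts)


def build_threshold(baseline_entropies, k=3.0):
    """Alarm threshold: mean minus k population standard deviations of the baseline."""
    n = len(baseline_entropies)
    mean = sum(baseline_entropies) / n
    var = sum((h - mean) ** 2 for h in baseline_entropies) / n
    return mean, mean - k * math.sqrt(var)


def is_attack(entropy, threshold):
    """A flood concentrates traffic on the victim, so entropy collapses below threshold."""
    return entropy < threshold


def run_demo(seed=1):
    """Train on attack-free windows, then evaluate one window with a three-zombie flood."""
    rng = random.Random(seed)
    monitored = {(1, 1), (2, 2)}              # assumed monitoring points
    attackers = [(0, 0), (3, 0), (3, 1)]      # assumed zombies; x-then-y routes pass (1, 1)
    victim = (1, 2)                           # assumed victim

    baseline = [destination_entropy(generate_window(rng, 400), monitored) for _ in range(20)]
    baseline_mean, threshold = build_threshold(baseline)

    attack_window = generate_window(rng, 400, attackers, victim, attack_packets=800)
    attack_entropy = destination_entropy(attack_window, monitored)
    return {
        "baseline_mean": baseline_mean,
        "threshold": threshold,
        "attack_entropy": attack_entropy,
        "flagged": is_attack(attack_entropy, threshold),
    }


if __name__ == "__main__":
    result = run_demo()
    print(f"baseline mean entropy : {result['baseline_mean']:.3f} bits")
    print(f"alarm threshold       : {result['threshold']:.3f} bits")
    print(f"entropy under attack  : {result['attack_entropy']:.3f} bits")
    print(f"attack flagged        : {result['flagged']}")
```

With uniform background traffic the destination entropy sits near the 4-bit maximum of a 16-node grid, and the flood pulls it down by more than a bit, well past a 3-sigma threshold. Two practical caveats follow from the construction: the monitored nodes must actually lie on the attack paths (here the zombies were placed so that the static x-then-y routes cross (1, 1)), and with adaptive routing the same flood spreads over more paths, which is consistent with the thesis's observation that dynamic routing blunts the effect of a few attackers.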