A Methodology to Evaluate Rate-Based Intrusion Prevention System against Distributed Denial-of-Service (DDoS)

Buchanan, W., Flandrin, F., Macfarlane, R., Graves, J. (2011). A Methodology to Evaluate Rate-Based Intrusion Prevention System against Distributed Denial-of-Service (DDoS). In: Cyberforensics 2011.



Abstract

This paper defines a methodology for the evaluation of a Rate-based Intrusion Prevention System (IPS) for a Distributed Denial of Service (DDoS) threat. This evaluation system uses realistic background traffic along with attacking traffic, with four different DDoS attacks. The evaluation metrics are defined using Snort for: rate of packet loss; time to respond; available bandwidth; latency; reliability; CPU loading; and memory usage. The results show that the system is effective in handling a low-throughput DDoS attack, but when a rate of 6 000 pps of malicious traffic is reached, Snort starts to drop malicious and legitimate packets at the same rate of loss. It also shows that the IPS operates well at traffic throughputs up to 1 Mbps.

Authors

William Buchanan
Director of CDCS
w.buchanan@napier.ac.uk
+44 131 455 2759
Richard Macfarlane
Lecturer
r.macfarlane@napier.ac.uk
+44 131 455 2335
Jamie Graves
Affiliate Research Fellow
j.graves@napier.ac.uk
+44 131 455

Areas of Expertise

Cyber-Security
Electronic information now plays a vital role in almost every aspect of our daily lives, so the need for a secure and trustworthy online infrastructure is more important than ever. Without it, not only the growth of the internet but our personal interactions and the economy itself could be at risk.

Associated Projects