Analysis and Mitigation of DDoS Vulnerabilities in Network Infrastructure using Hierarchical Clustering and IPTables Firewall Techniques
Abstract
The security of network infrastructure such as routers and servers connected directly to the global internet has become an important issue as internet communication grows, since it underpins the confidentiality, integrity and availability of digital communications. The most challenging problems are the exploitation of a monoculture of routers and servers in the network infrastructure and the detection of Distributed Denial-of-Service (DDoS) attacks. This research combines analysis and mitigation techniques: hierarchical clustering with single, complete, average and Ward linkage, together with IPTables firewall filtering as the mitigation measure, to analyse DDoS logging data from the Suricata NIDS at low, medium and high severity levels, generated by exploitation from the public network. Single-linkage clustering produces cluster 3 with a high-severity DDoS logging intensity level for the TCP SYN flood protocol type; cluster 3 shows high severity for the source IP address. Complete-linkage clustering also gives significant results, with a large number of potential DDoS log entries found in cluster 1 and cluster 2. The average-linkage distribution shows a group with a low average DDoS severity level. Ward linkage produces a more uniform group of attributes for each of n_clusters 1 to 6. Implementing mitigation with IPSet and IPTables firewall scripting gives positive results in reducing the workload of the router and vServer devices when facing DDoS attacks. After convergence, the running status showed the vCPU workload decreasing by 10% on vR1 and by 9% on vR2, and memory by 11%.
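As an added illustration of the pipeline the abstract describes (not the paper's own code), the block below aggregates constructed Suricata eve.json-style alerts per source IP, clusters them bottom-up under single, complete, average or Ward linkage via the Lance-Williams update, and turns the highest-severity cluster into IPSet plus iptables drop rules. The feature encoding (alert count, mean severity weight) and the sample records are assumptions for the example.

```python
import json
from collections import defaultdict
# Constructed Suricata eve.json-style alert records (src_ip, severity, repeats); not real traffic.
SAMPLE = [("203.0.113.10", 1, 6), ("203.0.113.11", 1, 5), ("198.51.100.5", 2, 2),
          ("198.51.100.6", 2, 3), ("192.0.2.20", 3, 1), ("192.0.2.21", 3, 1)]
EVE_LINES = [json.dumps({"event_type": "alert", "src_ip": ip, "proto": "TCP",
                         "alert": {"signature": "SYN flood", "severity": sev}})
             for ip, sev, n in SAMPLE for _ in range(n)]
LW = {  # Lance-Williams coefficients (alpha_i, alpha_j, beta, gamma) from the sizes of clusters i, j, k
    "single": lambda ni, nj, nk: (0.5, 0.5, 0.0, -0.5),
    "complete": lambda ni, nj, nk: (0.5, 0.5, 0.0, 0.5),
    "average": lambda ni, nj, nk: (ni / (ni + nj), nj / (ni + nj), 0.0, 0.0),
    "ward": lambda ni, nj, nk: ((ni + nk) / (ni + nj + nk), (nj + nk) / (ni + nj + nk), -nk / (ni + nj + nk), 0.0),
}

def features(lines):
    """Per source IP: (alert count, mean severity weight); Suricata severity 1=high becomes weight 3."""
    agg = defaultdict(list)
    for ev in (json.loads(line) for line in lines):
        if ev.get("event_type") == "alert":
            agg[ev["src_ip"]].append(4 - ev["alert"]["severity"])
    return {ip: (float(len(w)), sum(w) / len(w)) for ip, w in agg.items()}

def agglomerate(points, k, linkage="single"):
    """Bottom-up clustering of the feature vectors into k groups under the chosen linkage."""
    keys = list(points)
    clusters = {i: [key] for i, key in enumerate(keys)}
    def d0(a, b):  # Ward's criterion is defined on squared Euclidean distance, the others on Euclidean
        s = sum((x - y) ** 2 for x, y in zip(points[a], points[b]))
        return s if linkage == "ward" else s ** 0.5
    dist = {(i, j): d0(keys[i], keys[j]) for i in clusters for j in clusters if i < j}
    while len(clusters) > k:
        (i, j), dij = min(dist.items(), key=lambda kv: kv[1])  # closest pair under this linkage
        ni, nj = len(clusters[i]), len(clusters[j])
        for m in [m for m in clusters if m not in (i, j)]:  # update every other cluster's distance to i+j
            pmi, pmj = (min(m, i), max(m, i)), (min(m, j), max(m, j))
            ai, aj, b, g = LW[linkage](ni, nj, len(clusters[m]))
            dist[pmi] = ai * dist[pmi] + aj * dist[pmj] + b * dij + g * abs(dist[pmi] - dist[pmj])
            del dist[pmj]
        clusters[i] += clusters.pop(j)
        del dist[(i, j)]
    return list(clusters.values())

def mitigation(points, clusters, setname="ddos_block"):
    """Pick the cluster with the highest mean severity and emit IPSet + iptables commands to drop it."""
    worst = sorted(max(clusters, key=lambda c: sum(points[ip][1] for ip in c) / len(c)))
    cmds = [f"ipset create {setname} hash:ip -exist"]
    cmds += [f"ipset add {setname} {ip} -exist" for ip in worst]
    cmds.append(f"iptables -I INPUT -m set --match-set {setname} src -j DROP")
    return worst, cmds
```

On this sample all four linkages separate the high, medium and low severity sources into three clusters, and only the high-severity pair ends up in the drop set.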
Article Details

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.