ASSESSING THE EFFECTIVENESS OF DDOS MITIGATION STRATEGIES THROUGH NETWORK EMULATION

Abdul Qadir; Dr Muhammad Sajid Qureshi

Authors

Abdul Qadir
Dr Muhammad Sajid Qureshi

Abstract

Research domain or Background The Distributed Denial of Service (DDoS) attacks pose among the most persistent and increasingly threatening problems in the modern age of network infrastructure due to their capability to exhaust the bandwidth, processing capabilities, connection tables, and memory of the targeted system. Research Problem Efficiently emulating such attack scenarios under economically feasible circumstances and in a controllable manner is indeed difficult yet highly necessary for academic and commercial security assessment purposes. Research Objective In this paper, we conduct an organized and well-designed emulation experiment involving a simulation of DDoS attacks (specifically ICMP, UDP, and TCP SYN floods) on a real-world network configuration consisting of Cisco routers and switches, a web server, legitimate client machines, and a Kali Linux machine acting as the attacking agent. Research Design/Methodology Five layers of mitigation techniques have been used and tested; these included VLAN segmentation, access control list (ACL), port security, rate limit, and Quality of Service (QoS). Research Findings The experimental data shows that the application of all these techniques reduces the influence of a DDoS attack on legitimate traffic but also does not affect their performance. Research Limitations Statistical analysis proves that GNS3 is efficient in testing DDoS attacks at medium to lower rates because the maximum attack traffic was set at 10,000 packets per second and 100 megabits bandwidth. This research highlights important issues associated with scalability, diversity, and effectiveness of simulation, attack, and protection mechanisms, and suggests research directions including ML attack detection and SDN techniques.

Keywords : DDoS, Network Emulation, GNS3, ICMP Flood, TCP SYN Flood, UDP Flood, ACL, VLAN, QoS, Rate Limiting, Port Security, Kali Linux, hping3, Network Security, Botnet Simulation, Traffic Analysis.