Affiliation:
1. Jawaharlal Nehru Technological University (JNTU)
2. Gayatri Vidya Parishad College of Engineering (GVPCE)
Abstract
Currently, the internet serves as the predominant means of communication and is utilized by a vast number of individuals worldwide. Simultaneously, the commercial aspect of the internet is contributing to a rise in susceptibility to cybercrimes, leading to a significant surge in the occurrence of distributed Denial of Service (DDoS) assaults over the last decade. DoS/DDoS assaults primarily target network resources such as network bandwidth, CPU time, memory consumption, web servers, and network switches. Network security is an essential and crucial problem in the modern interconnected society. Numerous studies have been undertaken by multiple researchers thus far in order to identify this attack. However, there is still room for improvement in past investigations. This paper presents a novel approach for detecting and simulating DoS/DDoS attacks in modern networking environments, introducing a new paradigm. It is done in a controlled environment. The primary focus of this work is to simulate an attacker's perspective of a DoS/DDoS attack by repeatedly sending huge SYN flood packets to a specific target or network server using the hping3 tool. On the server side, the proposed attacker detector script continuously monitors incoming network connections on the network server using the netstat command. It identifies potential DoS/DDoS attacks by analyzing the connection count and comparing connections count with an assumed threshold. This experiment results in 61% CPU usage and 7.1% memory consumption while a DDoS attack triggers on the target server. Additionally, the proposed script performs statistical analysis and displays warning messages on the console when suspicious activity is detected on the network server. Wireshark is also utilized in this work to detect anomalous network traffic patterns in order to identify distributed denial-ofservice (DDoS) attacks that are targeting a network server. Additionally, it offers the capability to block the IP address of the attacker if the configuration allows for it. This proposed approach efficiently identifies DDoS activity in real-time network traffic, further helping to improve network security.