چكيده به لاتين
Distributed Denial of Service attacks (DDoS) do malicious attempts to prevent authorized users from accessing requested resources. These attacks take advantage of server weaknesses through resource depletion or bandwidth depletion. In this way, flood attacks send session requests to that exceed the standard limit or send sessions with a large amount of request, or the rate of communication requests sent by the storm attacks is more than allowed by users. In order to overcome these weaknesses, there should be a threshold level for the number of requests sent to the attacked site so that, while increasing the security of the network and preventing the intrusion of attacks, the quality of customer service is also guaranteed by reducing the probability of inaccuracy of intrusion detection. This threshold level, which is referred to as β, is the basis for identifying the distinction between attacking and not attacking user requests in defense against DDoS attacks. Therefore, to assess the accuracy and power of a defense method against DDoS attacks, two criteria are defined: (1) FRR: the proportion of requests by authorized users rejected to the total rejected requests. (2) FAR: The proportion of requests by unauthorized users accepted to all accepted requests. A good defense mechanism against DDoS attacks is a mechanism that minimizes the two top criteria. Minimizing the FRR ratio is more important than FAR, because it deals with the customer's experience with an online website or online database. In fact, the more the exact is β, FRR can be reduced. As described in the theoretical foundations of the research, the router B is configured to be sensitive to bandwidth depletion or resource depletion and β defines this sensitivity. This is defined by the definition of two criteria as follows: The average number of packets received by the router B and the average traffic load input to the router B. The deviations from the two criteria are called DFA, and the index is compared with β to determine whether a request is DDoS attack or not. DFA is the average deviation of the input traffic that if the input value exceeds the threshold value of β, it is identified as an attack, or if it is located in a specific domain of β it is identified as the authorized user.
In previous research, β is based on prior experiences or hypothetical research by the researcher. In fact, one of the weaknesses of defensive methods in determining β is to simply calculate it. In other words, determining precisely the threshold value is directly related to identifying or not accurately identifying DDoS attacks. The innovation of this research is to calculate β in a more precise way, so that the FAR and FRR coefficients can be lowered and improve the defense against DDoS. In this regard, the thesis presents a new method for calculating the threshold using time series, moving average, and autoregressive models. Then, using the simulation in NetLogo Software, taking into account the threshold parameter β (simple and proposed research),
118
118
منابع
FAR, FRR and the success rate of intrusion detection, we appraise the proposed corrective method of calculating the β threshold in improving the performance of the defense method against DDoS In comparison with traditional.
