A Cost Optimized Solution for Defending Against DDoS Attacks: An Analysis of a Multi-layered Architecture

  • Survey Article
SN Computer Science

Abstract

Distributed denial-of-service (DDoS) attacks have grown to be a major concern for businesses and individuals who use the internet for operations and communications. DDoS attacks have the potential to seriously harm a website or online service, resulting in financial losses and reputational damage. In this research, we propose a cost-optimized, multi-layered DDoS protection architecture that utilizes a firewall, IDS/IPS, reverse proxy, and web server cluster. The architecture offers protection from a variety of DDoS attacks, including volumetric, network-layer, application-layer, and SSL attacks. We test the architecture in real-world scenarios and analyze the results to determine how effective it is. Through extensive testing and analysis of the test results, we demonstrate that our architecture is capable of successfully mitigating DDoS attacks while maintaining the availability of the website to legitimate users. Our research shows that the suggested architecture for DDoS protection is affordable and simple to integrate into existing systems.



Author information

Corresponding author

Correspondence to Kwitee D. Gaylah.

Ethics declarations

Conflict of Interest

On behalf of all authors, the corresponding author states that there is no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article is part of the topical collection “Soft Computing Solutions for Secured & Smart Applications”, guest edited by Sridaran Rajagopal and Kalpesh Popat.

Appendix

See Figs. 6, 7

Fig. 6: HTTP Flood blocked by Suricata

Fig. 7: Wireshark traffic captured during the attack

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Gaylah, K.D., Vaghela, R.S. & Zongo, WB.S. A Cost Optimized Solution for Defending Against DDoS Attacks: An Analysis of a Multi-layered Architecture. SN COMPUT. SCI. 4, 631 (2023). https://doi.org/10.1007/s42979-023-02001-x

  • DOI: https://doi.org/10.1007/s42979-023-02001-x
