INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND MATHEMATICAL THEORY (IJCSMT )

E-ISSN 2545-5699
P-ISSN 2695-1924
VOL. 9 NO. 4 2023


Analysis of Linux Kernel Iptables for Mitigating DDOS Attacks; A Component-Based Approach

Ike, Uche Kingsley , Ononiwu, Chamberlyn & Onumajuru, Joy Sonia


Abstract


Denial-of-Service (DoS) is a network security problem that constitutes a serious challenge to reliability of services deployed on the servers. DoS attacks aim is to exhaust a resource in the target system, reducing or completely subverting the availability of the service provided. Threat of DoS attacks has become even more severe with DDOS (Distributed Denial-of-Service) attacks. DDOS is an attempt by malicious users to carry out DoS attack indirectly with the help of many compromised computers on the Internet. Service providers are under mounting pressure to prevent, monitor and mitigate DoS/DDOS attacks directed towards their customers and their infrastructure. Defending against these types of attacks is not a trivial job, mainly due to the use of IP spoofing and the destination-based routing of the Internet. Literatures abound on DDOS attacks and mitigation strategies while many scholars attempt to demonstrate the effectiveness of one strategy against another. This paper however explores the Linux kernel firewall iptables, a defence-mechanism inherent in the Linux operating system capable of detecting intrusions and mitigating attacks. The paper is organized such that it presents the motivation for DDOS, various DDOS classifications and architecture, illustrates types of DDOS attacks and then extensively reviews iptables using a component based approach to show its efficient packet-filtering and analysis technique capable of mitigating DDOS attacks


keywords:

DoS, DDOS, Linux operating system, Security, Firewall, IP Tables.


References:


Abhilash, C.S. & Sunil, K.P. (2011) “Mitigation of Distributed Denial of Service (DDOS)
Threats”. Conference on advances in computational techniques (CACT)

Arun, R. & Selvakumar, S. (2011) “Distributed Denial of Service Attack Detection Using an
Ensemble of Natural Classifier”. International Journal of Computer Communication. Elsevier
publication United Kingdom vol. 34.

Gligor, V.D., & Yu, C.F. (1990) “A specification and verification method for presenting Denial of
Service. IEEE trans. Software, vol.6 issue 6.


DOWNLOAD PDF

Back


Google Scholar logo
Crossref logo
ResearchGate logo
Open Access logo
Google logo