Abstract
Denial of Service (DOS) and (DDOS) Distributed Denial of Service attacks have become a major security threat to university campus network security since most of the students and teachers prepare online services such as enrolment, grading system, library etc. Therefore, the issue of network security has become a priority to university campus network management. Using online services in university network can be easily compromised. However, traditional security mechanisms approach such as Defense-In-Depth (DID) Model is outdated in today’s complex network and DID Model has been used as a primary cybersecurity defense model in the university campus network today. However, university administration should realize that Defense-In-Depth (DID) are playing an increasingly limited role in DOS/DDoS protection and this paper brings this fact to light. This paper presents that the Defense-In-Depth (DID) is not capable of defending complex and volatile DOS/DDOS attacks effectively. The test results were presented in this study in order to support our claim. The researchers established a Defense-In-Depth (DID) Network model at the Central Luzon State University and penetrated the Network System using DOS/DDOS attack to simulate the real network scenario. This paper also presents the new approach Defense-through-Deception network security model that improves the traditional passive protection by applying deception techniques to them that give insights into the limitations posed by the Defense-In-Depth (DID) Model. Furthermore, this model is designed to prevent an attacker who has already entered the network from doing damage.
Highlights
Today, institutions of higher education are seeing a greater frequency of Denial of Service (DDoS)attacks
The survey shows that the Firewall, Intrusions Detection System (IDS), Intrusions Protections System (IPS), Network-Antivirus (NIDS) are the common elements of the Defense-In-Depth that most of the Higher Education Institutions acquires to protect their systems. 93% of the Higher Education Institutions believe that firewalls protect their systems in any threat vectors, 53% installed an Intrusions Detection and Prevention System and only 53% used a Network AntiVirus as their protection against Denial of Service (DOS)/Denial of Service (DoS) and (DDOS) attack
In the first simulated attack in the honeypot; the Online DOS Attack took 21.88 mins, Local Area Network (LAN) DOS Attack consumed 92.33 Mins and Figure 4 shows the sample completed test result screenshot and lastly, High Orbit Ion Cannon (HOIC) was used and this is the common tool used by the group ‘Anonymous’ in taking down the website
Summary
Institutions of higher education are seeing a greater frequency of Denial of Service (DDoS). This study exposes the limitations of passive defense protection by testing the actual DOS/DDOS attack in the target machine. The researchers established a real network environment in order to test the vulnerability of the traditional Defense-In-Depth (DID) model against DOS/DDOS. The survey shows that the Firewall, Intrusions Detection System (IDS), Intrusions Protections System (IPS), Network-Antivirus (NIDS) are the common elements of the Defense-In-Depth that most of the Higher Education Institutions acquires to protect their systems. 93% of the Higher Education Institutions believe that firewalls protect their systems in any threat vectors, 53% installed an Intrusions Detection and Prevention System and only 53% used a Network AntiVirus as their protection against DOS/DDOS attack. CPU utilization is affected by the interaction of the attacks used and the type of network
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
More From: Bulletin of Electrical Engineering and Informatics
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.