Network Forensics Against Volumetric-Based Distributed Denial of Service Attacks on Cloud and the Edge Computing

Abstract

Cyber attacks are increasingly rampant and even damage the reputation of companies, agencies, and services. DDoS attacks have been overgrowing in the last year, which has resulted in substantial losses. Volumetric-based Distributed Denial of Service (DDoS) is a hazardous attack type because it can consume server resources, causing the server to be unable to serve customer requests. The network design consisting of hardware and software becomes the essential capital that is a determinant of the quality of a network in the long term. A firewall is one way to stop the occurrence of DDoS. Forensics and mitigation in this study apply Packet Filtering Firewall and Circuit Level Gateway Firewall against ICMP-Flood DDoS attacks. The research methodology is a simulated experiment on cloud and edge computing networks. Forensics and mitigation in cloud computing are carried out at layer 3, the Internet Protocol layer TCP/IP model, by applying a Packet-Filtering Firewall with a success rate of 64%-69% traffic reduction. In contrast, the success of reducing server resource usage is 73.75%. At the same time, Edge computing is carried out at layer 4, namely the Transport Protocol layer TCP/IP model, by applying a Circuit-Level Gateway Firewall with a success rate of reducing traffic by 55%-98.88%. In comparison, the success of lowering server resource usage is 96% and restoring traffic and paralyzed servers to normal position.