روشی برای شناسایی و جلوگیری از حملات DDoS در پردیس دانشگاه An approach for detecting and preventing DDoS attacks in campus

1. INTRODUCTION The denial of services attacks are generally described as actions where legitimate users or Institutions are dispossessed of certain services (network connectivity, web or e-mail). The distributed denial of services attacks are mainly used for flooding a particular server with huge useless information. The botnets are the major vectors to be taken into consideration to divert the DDoS attacks. There are more than 50% colleges attacked by cyber-attacks in one year, such as viruses/worms/trojans/malware, unauthorized access or DDoS. Those attacks may cause crash of campus network (system or device), network access interruption, service system and terminal system destruction, and illegal access, extremely affecting normal operation of campus network. The main goal is to perpetrate damage on the victim. Frequently the ulterior motives are personal reasons (a significant number of DDoS attacks are effected against home computers, presumably for purposes of revenge), or prestige (successful attacks on popular Web servers gain the respect of the hacker community). However, some DDoS attacks are performed for material gain (damaging a competitor’s resources or blackmailing companies) or for political reasons (a country at war could perpetrate attacks against its enemy’s critical resources, potentially enlisting a significant portion of the entire country’s computing power for this action). In some cases, the true victim of the attack might not be the actual target of the attack packets, but others who rely on the target’s correct operation [1]. The idea behind a DOS or DDoS attack is simple – it’s to take down the server. Normally attacks such as these are done to major sites as we pointed out earlier in this article, because they are high profile and affect a large amount of customers. There are different ways this can be done but they all do the same thing. DDoS threat attacks the following services [2]: • Network Bandwidth. • Server memory. • CPU usage. • Database space. • Hard disk Space. Our approach is to develop an improved algorithm by considering previously defined methodologies of snort IDS tool by adding a new approach in snort detection engine to identify the DoS and DDOS attacks. This engine filters all the files and loads the attacked or infected files into its loader by “.conf” file command. With the help of this, an efficient detection can be done. However, security, accuracy and reliability will be the main concern during the detection process. The main objective of the study is to analyze the problems, prospective and opportunities of various aspects in IDS Snort.