Development of a Traffic Analyzer for the Detection of DDoS Attack Source

Abstract

Distributed Denial of Service (DDoS) attack has been the most devastating attack on computer network and internet at large. Several techniques have been deployed to mitigate this attack. However, detecting the source of DDoS attack remains unsolved in the literature. The aim of this paper is to develop a traffic analyzer for the detection of DDoS attack source. The approach used consists of sniffing, analysis and isolation of source and destination IP address with their respective timestamp of packets that flow through the network in which system was deployed. Traffic analyzer has the ability of saving the captured packet for possible examination and analysis by forensic expert. Traffic Analyzer was developed as a console based application using python programming language which is limited to run on Linux distribution. A network was simulated using GNS3 consisting of the attacker and the victim machine (both run on kali Linux). The result of this work was shown after the developed traffic analyzer was used to collect traffic from the simulated victim machine, thereby showing the traffic and their header information. The arrival time of each IP address that comes inside the network was logged. With this the analyzer was used to determine the type and source of DDoS attack