Distributed Denial of Service (DDoS) attacks are common and popular attacks on the SDN layers, in particular the data plane. In this study, an Athena-based Intrusion Prevention System (IPS) is applied to prevent and reduce the impact of DDoS attacks, especially TCP SYN flood and UDP flood. Two test scenarios were carried out to determine the IPS performance. The first scenario compares the impact of DDoS attacks, without and with the IPS applied, on throughput and on CPU usage of the controller. The second scenario compares the speed of the prevention function depending on the features used in the detection model. The first test results show that the IPS is able to prevent DDoS attacks, as reflected in the throughput measurements: under normal conditions, and with the IPS applied against TCP SYN flood and UDP flood attacks, transmit throughput is 3956 pps, 4045 pps and 3919 pps respectively, while receive throughput is 4720 pps, 4793 pps and 4692 pps. The IPS is also able to reduce the CPU load on the controller when those attacks are carried out, at 4.95% and 7.9% respectively. The second test result shows that the more appropriate and correct the features used for training, the faster the IPS recognizes the characteristics of dangerous hosts. This is shown by the average prevention speed for each attack: 5.78 seconds and 5.99 seconds with 10 features, versus 12.42 seconds and 11.42 seconds with 5 features. Moreover, the IPS can be applied on hardware with the specifications used in this study.
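As an added illustration (not the paper's Athena implementation, whose feature set and model are not given here), the following sketch shows the shape of a feature-based detector plus prevention step of the kind the study evaluates: per-source features are extracted from a window of packet records, hosts are labelled as TCP SYN flood, UDP flood or benign, and a drop rule is produced for each dangerous host. The packet records, the thresholds and the flow-rule dictionary format are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample window of packet records: (src, dst, proto, tcp_flags, dst_port).
# Not captured from the study's testbed.
SAMPLE = (
    [("10.0.0.5", "10.0.0.1", "tcp", "S", p) for p in range(80, 280)]   # 200 SYNs, no ACKs
    + [("10.0.0.6", "10.0.0.1", "udp", "", 53)] * 300                   # 300 UDP datagrams, one port
    + [("10.0.0.7", "10.0.0.1", "tcp", "S", 443),
       ("10.0.0.7", "10.0.0.1", "tcp", "A", 443)] * 20                  # benign: SYNs completed by ACKs
)


def host_features(records):
    """Per-source feature vector over one window: SYN, ACK and UDP counts, distinct ports, total packets."""
    feats = defaultdict(lambda: {"syn": 0, "ack": 0, "udp": 0, "ports": set(), "pkts": 0})
    for src, _dst, proto, flags, dport in records:
        f = feats[src]
        f["pkts"] += 1
        f["ports"].add(dport)
        if proto == "udp":
            f["udp"] += 1
        elif "S" in flags and "A" not in flags:
            f["syn"] += 1
        elif "A" in flags:
            f["ack"] += 1
    return feats


def classify(feats, syn_thresh=100, udp_thresh=200):
    """Rule-based stand-in for a trained model (hypothetical thresholds): label each source host."""
    labels = {}
    for src, f in feats.items():
        # SYN flood signature: many half-open attempts and almost no completing ACKs
        if f["syn"] >= syn_thresh and f["ack"] < 0.1 * f["syn"]:
            labels[src] = "syn_flood"
        elif f["udp"] >= udp_thresh:
            labels[src] = "udp_flood"
        else:
            labels[src] = "benign"
    return labels


def drop_rules(labels, priority=1000):
    """Prevention step: one drop flow entry per dangerous host (hypothetical OpenFlow-like dict)."""
    return [{"match": {"ipv4_src": src}, "actions": [], "priority": priority}
            for src, label in labels.items() if label != "benign"]


if __name__ == "__main__":
    print(classify(host_features(SAMPLE)))
```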
Copyright © 2019