Int
ern
at
i
onal
Journ
al of Ele
ctrical
an
d
Co
mput
er
En
gin
eeri
ng
(IJ
E
C
E)
Vo
l.
10
,
No.
4
,
A
ugus
t
2020
,
pp.
3685
~
36
94
IS
S
N:
20
88
-
8708
,
DOI: 10
.11
591/
ijece
.
v
10
i
4
.
p
p3
685
-
36
94
3685
Journ
al h
om
e
page
:
http:
//
ij
ece.i
aesc
or
e.c
om/i
nd
ex
.ph
p/IJ
ECE
A compr
ehensi
ve study of
distribu
ted Deni
al
-
of
-
Se
rvic
e atta
ck
with the d
etectio
n techn
iqu
es
H.
H
.
Ibr
ah
i
m
1
,
A.
E.
Ham
z
ah
2
,
H.
A.
Sa
eed
3
,
H. H.
Qa
sim
4
,
O. S.
Ha
me
d
5
,
Hussein
Y
ahy
a
Alkh
alaf
6
,
M.
I. Hamz
a
7
1
,2,3,4
Facul
t
y
of E
le
c
tri
c
al a
nd
Ele
ct
roni
c
Eng
ineer
ing,
Univ
ersit
i
T
un
Hus
sein
Onn
Malay
s
ia,
Ma
lays
ia
1,
2
,5,6
Depa
rtment
of
Engi
n
ee
rin
g
a
nd
Buil
t
Env
iron
m
ent
,
Univer
si
ti
Keba
ngsaa
n
Mal
a
y
si
a, Ma
l
a
y
s
ia
7
Depa
rtment of
Com
pute
r
Engi
n
ee
ring
,
Univ
ersity
of
Basr
ah, I
raq
Art
ic
le
In
f
o
ABSTR
A
CT
Art
ic
le
history:
Re
cei
ved
Oct
21
, 201
9
Re
vised
Feb
2
,
2020
Accepte
d
Fe
b
1
0
, 202
0
W
it
h
the
dr
amat
ic
evo
lut
ion
in
n
et
works
nowada
y
s,
an
equ
iva
l
en
t
growth
of
cha
l
le
nges
h
as
b
ee
n
d
epi
c
te
d
to
ward
implement
ing
and
d
epl
o
ym
ent
of
such
net
works
.
One
o
f
the
ser
ious
challe
ng
es
is
the
se
cur
ity
wher
e
wi
de
ran
g
e
o
f
at
t
ac
ks
would
t
hre
at
the
se
ne
t
works
.
Denia
l
-
of
-
Servic
e
(DoS
)
is
one
of
the
comm
on
att
ac
ks
th
at
ta
rge
ts
seve
ra
l
t
y
p
es
o
f
net
works
in
w
hic
h
a
huge
amount
of
infor
m
at
ion
is
b
ei
ng
floode
d
int
o
a
sp
ec
if
ic
se
rve
r
fo
r
the
purpos
e
of
turni
ng
of
such
serve
r.
Man
y
r
ese
ar
ch
studie
s
ha
ve
exa
m
in
e
d
the
sim
ulation
of
net
works
in
orde
r
to
obse
rve
th
e
b
eha
vi
or
of
DoS
.
How
eve
r,
the
va
rie
t
y
of
it
s
t
y
pes
hinde
rs
the
proc
ess
of
conf
iguring
the
DoS
at
t
ac
ks.
In
par
t
ic
ul
ar,
the
Dist
ribut
ed
DoS
(D
DoS
)
is
conside
red
to
be
the
m
ost
cha
ll
en
ging
thre
a
t
to
var
ious
net
works
.
Henc
e,
thi
s
pa
per
ai
m
s
to
ac
comm
odat
e
a
comprehe
nsive
sim
ula
ti
on
in
orde
r
to
figu
re
out
and
det
e
ct
DD
oS
at
ta
cks.
Us
ing
the
well
-
known
sim
ula
tor
te
chn
iq
ue
of
NS
-
2,
the
expe
r
iment
s
show
ed
tha
t
diffe
ren
t
t
y
p
es
of
DD
o
S
have
bee
n
cha
ra
cteri
z
ed,
exa
m
ine
d
and
det
e
cted.
This
implie
s
the
eff
icac
y
of
the
comprehe
nsi
ve
sim
ula
t
ion
pr
oposed
b
y
th
is st
ud
y
.
Ke
yw
or
d
s
:
Den
ia
l
of
ser
vi
ce
Distrib
uted
De
nial
-
of
-
Ser
vice
Inform
at
ion
secur
it
y
In
tr
us
i
on d
et
ec
ti
on
Si
m
ulati
on
Copyright
©
202
0
Instit
ut
e
o
f Ad
vanc
ed
Engi
n
ee
r
ing
and
S
cienc
e
.
Al
l
rights re
serv
ed
.
Corres
pond
in
g
Aut
h
or
:
H
.
H
.
I
br
a
him
,
Faculty
of Elec
tric
al
an
d El
ect
ronic E
ng
i
neeri
ng
,
Un
i
ver
sit
i T
un
Hu
s
sei
n O
nn
Ma
la
ysi
a,
86400 Pa
rit R
aja,
Joh
or
,
Mal
ay
sia
.
Em
a
il
: hu
ssam
pc93
@g
m
ai
l.c
om
1.
INTROD
U
CTION
Distrib
uted
de
nial
of
se
r
vice
(
DDoS)
is
on
e
of
t
he
c
omm
on
at
ta
cks
wit
hin
wi
de
range
of
netw
orks
wh
e
re
the
rec
ogniti
on
a
nd
pr
e
ve
ntion
of
su
c
h
at
ta
ck
has
al
ways
been
a
ho
t
issue
in
network
s
ecur
it
y
researc
h
[1
-
4]
.
DDoS
de
te
ct
ion
a
nd
def
e
nc
e
syst
e
m
s
hav
e
m
any
sh
or
tc
om
ing
s
su
ch
a
s
high
false
posit
ive
rate,
low
exe
cution
ef
fici
ency,
an
d
la
ck
of
li
nk
a
ge
be
tween
detect
i
on
a
nd
de
fe
nc
e
[5
-
7]
.
The
refor
e
,
el
i
m
inati
ng
false
posit
ives,
i
m
pr
ov
in
g
e
xec
ution
ef
fici
enc
y,
and
en
ha
ncing
t
he
li
nkage
betwee
n
detect
ion
a
nd
def
e
nce
proces
ses h
a
ve
al
ways b
ee
n
t
he
f
oc
use
s of
researc
h
[8
-
12]
.
W
it
h
the
div
e
r
sit
y
and
dif
fere
nt
cha
racteri
s
ti
cs
of
D
oS,
th
e
process
of
de
te
ct
ing
su
c
h
a
tt
ack
is
sti
l
l
facin
g
obsta
cl
es
[13
-
16]
.
Şi
m
şek
&
Şentürk
[17]
ha
ve
pro
posed
m
et
hod
that
util
iz
e
t
he
pre
-
co
ngest
ion
i
n
order
to
a
naly
ze
the
flow
of
da
ta
du
ri
ng
this
per
i
od.
The
au
thors
ha
d
an
as
su
m
ption
that
low
-
rate
distri
bute
d
DoS
is
one
of
t
he
ha
r
dest
to
be
detect
ed
du
e
to
their
sim
il
ar
it
y
to
the
norm
al
beh
a
vior.
T
he
refor
e
,
the
a
ut
hors
hav
e
f
oc
us
e
d
on
the
pe
rio
ds
hav
e
no
co
ngest
ion
s
in
orde
r
to
diag
on
is
the
featu
res.
T
he
featu
res
ext
racte
d
from
su
ch
peri
od
s
hav
e
bee
n
inc
orporated
to
form
a
ne
w
filt
erin
g
ap
proac
h
f
or
detect
ing
D
D
oS
at
ta
cks
.
Re
su
lt
s of sim
ulati
on
sho
wed fair
pro
gr
e
ss
on c
har
act
e
rizi
ng
DDoS at
ta
ck
s.
Bukhar
ov
et
al
.
[
18
]
hav
e
pro
po
s
ed
a
gam
e
-
base
d
m
et
ho
d
for
sim
ula
ti
ng
DoS
at
ta
cks.
T
he
propos
e
d
m
et
ho
d
has
util
iz
ed
a
scena
rio
w
he
re
the
i
nt
ruder
would
be
at
tract
ed
in
orde
r
to
gain
i
nfo
rm
ation
re
ga
rd
i
ng
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2088
-
8708
In
t J
Ele
c &
C
om
p
En
g,
V
ol.
10
, No
.
4
,
A
ugus
t
2020
:
3685
-
3694
3686
his
real
inte
ntion
s
.
Re
s
ults
of
sim
ulati
on
sh
owe
d
that
th
e
pro
po
s
ed
m
et
hod
has
the
a
bili
ty
to
detect
wide
range
of Do
S a
tt
acks.
Wang e
t al
.
[19]
hav
e
pro
po
se
d
a
Do
S d
et
ect
io
n
m
e
thod
based o
n honeynet t
ec
hnology
.
The
propose
d
m
et
ho
d
was
in
te
nd
e
d
to
obse
rv
e
a
nd
analy
z
e
the
cha
racter
ist
ic
s
of
eve
ry
beh
a
vior
in
or
der
t
o
detect
sp
eci
fic
patte
r
n.
Fina
ll
y,
the
pr
opose
d
m
et
ho
d
a
i
m
ed
at
detec
ti
ng
s
uc
h
patte
rn
s
w
hic
h
m
ight
corres
pond
to
DoS
at
ta
cks.
Re
su
lt
s
of
sim
ulati
on
sho
wed
pro
gr
e
ss
on
dete
ct
ing
D
oS
at
ta
cks.
Mo
hd
et
al
.
[20]
hav
e
e
xam
ined
the
distri
bu
te
d
DoS
that
m
igh
t
occ
ur
on
I
nt
ern
et
of
T
hing
s
(IoT
)
net
wor
ks
.
T
he
a
uthor
s
ha
ve
util
iz
ed
OMN
ET++
in
orde
r
to
create
a
virtu
al
en
vir
on
m
ent
that
si
m
ulate
the
Io
T
ne
twork
s
.
D
ur
i
ng
su
c
h
si
m
ulati
on
, th
e
au
thors h
a
ve
c
har
act
erize
d
se
ver
al
DDoS at
ta
cks.
A
s d
e
picte
d
from
the l
iteratur
e
, it i
s o
bv
io
us
that
the
exam
inati
on
of
DoS
at
ta
cks
is
sti
ll
a
chall
en
ging
ta
sk
w
he
re
w
ide
ra
ng
e
of
s
uch
at
ta
ck
w
ould
be
encou
ntere
d
es
pecial
ly
with
the
va
riet
y
of
ne
tworks
nowa
days.
T
her
e
for
e,
this
pa
per
ai
m
s
to
accom
mo
date
a com
pr
ehe
ns
i
ve
sim
ulati
on
to
e
xam
ine
the ty
pes of
D
oS
,
a
s w
el
l as,
att
em
pt
ing
to
det
ect
these att
acks
.
2.
RESEA
R
CH MET
HO
D
On
e
of
the
m
os
t
seriou
s
probl
e
m
s
is
DD
oS,
and
m
a
ny
def
enses
ha
ve
bee
n
pro
posed
to
address
thi
s
threat.
I
n
ord
er
to
com
par
e
and
eval
uate
these
so
luti
ons,
a
com
m
on
evaluati
on
platfo
rm
is
req
ui
red.
The
m
et
ho
do
l
ogy
of
this
pa
pe
r
consi
sts
of
th
ree
par
ts:
a
ty
pical
attack
scenari
o
co
ns
ist
in
g
of
the
dim
en
sion
s
of
le
gitim
at
e
traff
ic
an
d
ta
rg
et
netw
ork
re
sourc
es,
te
sti
ng
the
m
et
hodo
l
og
ic
al
crit
eria
that
captu
re
perform
ance
m
et
rics
an
d
are
a
ff
ect
ed
by
t
he
eff
ect
ive
ness
of
at
ta
cks
a
nd
de
fen
se
s
it
is
co
m
po
sed.
In
ord
er
to
do so, t
he
f
ollo
wing ste
ps
have bee
n
a
pp
li
e
d:
Detect
and
filt
er
on
e
-
way le
gi
tim
at
e traff
ic
fro
m
traff
ic
i
de
ntifie
d
as
a
pos
sible at
ta
ck.
Detect
att
ack
usi
ng m
ulti
ple d
et
ect
ion
crite
ri
a.
It is legit
im
a
te
f
r
om
att
ack traf
fic.
Finall
y,
Atta
ck
sam
ples f
ro
m
att
ack traf
fic, s
umm
arize at
ta
ck
functi
on
s i
n
a rea
dabl
e fo
rm
at
an
d
m
achine
-
r
eada
ble
form
, an
d faci
li
ta
te
the appli
cat
ion
of cluster
ing
m
et
ho
ds.
This
m
akes
it
easy
to
c
olle
ct
at
ta
ck
sam
ples
f
r
om
m
a
ny
pu
blic
trac
es.
All
of
the
se
pastes
are
autom
at
ed
by
a
series
of
to
ols.
Figure
1
s
how
s
ap
plyi
ng
th
e
si
m
ulati
on
pro
cess
to
at
ta
ck
c
ases
re
qu
i
rin
g
m
or
e
at
ta
cker
s a
nd
usa
ge
sce
na
rios. I
n our sim
ulatio
n m
et
ho
do
l
ogy we
fo
ll
ow t
he
se steps:
First Step:
I
n
fi
rst step
is to c
r
eat
e a n
et
work
topolo
gy
with
an NS
-
2
te
ll
sc
ript fo
r
eac
h
at
ta
ck.
Seco
nd
Step:
I
n
sec
ond
ste
p
is
to
at
ta
ch
th
e
le
gitim
at
e
tr
aff
ic
rec
ords
t
o
pe
rfo
rm
le
gi
tim
a
te
traff
ic
on
topolo
gy
no
de
s.
A
fter
t
hat, r
e
al
-
tim
e
at
ta
ck
t
rack
s
are
li
nk
e
d
to
to
po
l
og
ie
s
to g
ene
rate
at
ta
ck
tra
ff
ic
.
T
he
se
at
ta
ck
rec
ords are a
naly
zed.
Figure
1
.
Fr
am
ewor
k of
t
he pr
opos
e
d
m
et
ho
d
The
n
si
m
ulati
on
is
again
pe
rfor
m
ed,
al
l
traff
ic
is
m
on
it
or
e
d,
an
d
an
offli
ne
analy
sis
is
perform
ed.
The
outp
ut
tra
ce
file
is
the
n
us
e
d
to
m
easu
re
the
at
ta
ck.
The
sim
ulati
on
topolo
gy
us
e
d
for
t
his
ex
pe
r
i
m
en
t
con
ta
in
s
a
le
gitim
at
e
client
pool
co
ntainin
g
var
i
ous
node
s
that
are
us
ed
to
ge
ner
at
e
le
gitim
at
e
traff
ic
.
To
ge
ner
at
e
le
gitim
at
e
traff
ic
,
real
-
tim
e
trac
ks
are
us
e
d.
W
it
h
these
tra
ces,
the
nodes
gen
erate
TCP
traff
ic
.
An att
acker
u
s
ed UD
P tra
ff
ic
to lau
nch an
att
ack.
The
pur
pose
of
the
at
ta
ck
is
to
con
s
u
m
e
t
he
ba
ndwidt
h
of
the
bott
le
ne
ck
li
nk
so
that
le
gitim
at
e
traff
ic
c
ould not
se
nd
t
he
pac
kets.
Eac
h
sim
ulati
on
ti
m
e
is
2
sec
onds.
Le
gi
tim
at
e
traff
ic
is
base
d
on
TC
P,
s
o
it
go
e
s
th
rou
gh
the
sl
ow
boot
ph
a
se.
T
he
t
otal
nu
m
ber
of
le
gitim
at
e
cl
ie
n
ts
in
the
le
gi
ti
m
at
e
cl
ie
nt
pool
is
8.
The
t
otal t
raffic
load an
d b
ottl
eneck
ba
ndwi
dth
re
pr
ese
nt t
he
sce
nar
i
o of
a busy c
onnect
ion
.
In
our
e
xp
e
rim
ents,
le
gitim
at
e
traff
ic
is
ge
ner
at
e
d
us
i
ng
real
tim
e
tracks.
T
he
le
giti
m
at
e
traff
ic
is
base
d
on
TCP.
He
re
we
hav
e
co
ns
ide
red
13
le
gitim
at
e
cl
ien
ts
that
wa
nt
to
c
omm
un
ic
ate
with
the
TC
P
S
i
nk
Evaluation Warning : The document was created with Spire.PDF for Python.
In
t J
Elec
&
C
om
p
En
g
IS
S
N:
20
88
-
8708
A com
pr
ehe
ns
i
ve stu
dy of dist
ribu
te
d Den
i
al
-
of
-
Service
attack wi
th t
he de
te
ct
ion
tech
niques
(
H
. H.
Ibra
him
)
3687
node.
Re
al
-
tim
e
data
set
s
a
re
again
us
e
d
to
gen
e
rat
e
DDo
S
at
ta
cks.
The
a
m
ou
nt
a
nd
c
om
plexit
y
of
tra
ff
ic
in
record
s
is
ve
r
y
hig
h
a
nd
ve
ry
dif
ficult
to
unde
rstan
d.
The
trac
ks
use
d
to
c
reate
an
at
ta
ck
are
s
tore
d
in
tr
f
or
m
at
.
So
m
e
res
ults
are
si
m
ula
te
d
by
gnup
l
ot
an
d
oth
e
r
extracte
d
in
form
ation
a
nd
t
he
n
pass
e
d
to
e
xcel
to
pro
du
ce
the
graph
ic
al
resu
lt
s.
2.1
.
Simul
at
io
n
The
sim
ulator
us
ed
in
t
his
pap
e
r
was
t
he
NS
2
sim
ulator.
Net
work
Sim
ula
tor
Ve
rsion
2,
widely
known
as
N
S
2,
is
an
eve
nt
dr
ive
n
si
m
ulati
on
too
l
th
at
is
us
efu
l
in
stu
dying
th
e
dynam
ic
na
ture
of
co
m
m
un
ic
at
ion
net
works
[
21]
.
The
c
os
t
of
buil
ding
a
r
eal
distribu
te
d
te
sti
ng
en
vir
onm
ent
is
ver
y
high.
Si
m
ulati
on
is
a
n
im
po
rtant
m
et
hod
i
n
netw
ork
resea
rc
h,
a
s
si
m
ulati
on
ca
n
be
use
d
to
ana
ly
ze
netw
or
k
r
el
at
ed
pro
blem
s
un
de
r
dif
fer
e
nt
pr
oto
cols
,
cr
os
s
tra
ff
ic
an
d
to
polo
gies
with
m
uch
le
ss
cost
[22
-
24]
.
Th
e
m
os
t
well
-
known
netw
ork
sim
ulator
is
NS2.
N
S2
sim
ulator
c
ov
e
rs
a
la
rg
e
num
ber
of
a
pp
li
cat
ions
,
protoc
ols,
networ
k
ty
pes,
net
wor
k
el
e
m
ents
and
traff
ic
m
od
el
s.
The
refor
e
,
we
us
e
NS2
sim
ulator
f
or
this
t
hesis.
Sim
ulatio
n
of
wire
d
as
well
as
wireless
net
work
f
un
ct
io
ns
and
prot
oco
ls
(e.
g.
,
routin
g
a
lgorit
hm
s,
TCP,
U
DP)
ca
n
be
done
us
in
g
NS2.
I
n
gen
e
ral,
NS2
pro
vid
es
use
r
s
with
a
way
of
sp
eci
fyi
ng
s
uc
h
netw
ork
prot
oco
ls
an
d
sim
ulati
ng
their
c
orrespo
ndin
g
beh
a
viors
.
D
ue
t
o
it
s
fle
xib
il
it
y
and
m
odular
nat
ur
e,
NS2
has
gaine
d
c
onsta
nt
popula
rity
in the net
w
orki
ng r
esea
rc
h
c
om
m
un
it
y.
At
the
sim
ul
at
ion
le
vel,
NS
-
2
us
e
s
th
e
OTcl
(
Obje
ct
-
Or
ie
nted
T
oo
l
C
omm
and
Lan
guage
)
pro
gr
am
m
ing
l
angua
ge
to
i
nterpret
us
e
r
si
m
ula
ti
on
scri
pt
s
[25]
.
T
he
O
Tcl
la
nguag
e
is
act
ually
an
obj
ect
-
or
ie
nted
exte
nsi
on
of
the
Tc
l
la
ng
ua
ge.
At
the
top
le
vel,
NS
is
the
interp
reter
f
or
th
e
us
er'
s
Tcl
script.
Tcl
la
ngua
ge
is
full
y com
patible
w
it
h
the
C +
+ pro
gr
am
m
in
g
la
ng
uag
e
.
NS
c
reates
t
wo
m
ai
n
analy
sis
repor
ts
sim
ultan
eo
us
ly
a
nd
al
so
e
xpla
ins
t
he
OTcl
scri
pt.
O
ne
of
them
is
the
Network
An
im
at
or
(NAM)
ob
j
ect
,
w
hich
sho
ws
sim
ula
te
d
visu
al
ani
m
at
ion
s.
The
oth
e
r
is
a
trackin
g
obj
ect
th
at
co
ns
ist
s
of
t
he
be
hav
i
or
of
al
l
obj
ect
s
i
n
the
si
m
ulati
on
.
N
S
pro
j
ect
s
a
re
us
ua
ll
y
sh
ip
pe
d
with
var
i
ou
s
s
of
t
wa
re
pack
a
ges
(
ns,
nam
,
tc
l,
otc
l,
et
c.)
an
d
are
ref
e
rr
e
d
t
o
as
a
n
"al
l
-
in
-
on
e
pa
ckag
e
,"
but
th
ey
can
al
so
be
sea
rched
a
nd
d
ownl
oa
ded
se
par
at
el
y.
This
stu
dy
us
e
d
a
sta
ble
ver
si
on
of
t
he
ns
2.1
5
ns
al
l
-
in
-
on
e
pack
a
ge
a
nd
i
ns
ta
ll
ed
it
in
t
he
Re
d
H
at
E
nter
pr
ise
Li
nux
5
op
e
rati
ng
env
i
ronm
ent.
This
work
i
ng
".tcl
"
file
was writt
en
a
nd
par
se
d wit
h
a
text edit
or
.
"tr
" f
il
e. Fi
gure
2 sh
ows
the
flo
w
char
t
of the
sim
ula
ti
on
.
Figure
2
.
Flo
w
char
t
of the
sim
ula
ti
on
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2088
-
8708
In
t J
Ele
c &
C
om
p
En
g,
V
ol.
10
, No
.
4
,
A
ugus
t
2020
:
3685
-
3694
3688
2.2
.
Simul
at
io
n
mo
dels
Mod
el
s
il
lustra
te
the
m
ov
em
e
nts
of
node
s
a
nd
t
he
co
nnect
ion
betwee
n
m
od
el
s
in
LA
N
and
WL
AN
within
the
sp
a
ce
of
sim
ulatio
n.
In
W
LA
N
the
forem
os
t
m
ann
er
use
d
f
or
sim
ulati
on
is
Ra
ndom
W
a
ypoint
qu
al
it
y
m
od
el
.
Durin
g
t
his
m
od
el
the
node
s
pa
ssage
from
waypo
int
t
o
s
ubs
equ
e
nt
with
a
haphaza
rd
ly
c
hose
n
sp
ee
d
(
unif
orm
ly
distribu
te
d
betwee
n
0
–
20
m
/s).
A
sel
ect
ed
s
peed
an
d
pe
rio
d
is
c
hos
en
fo
r
eac
h
tra
ns
it
ion.
Wh
e
n
the
sti
pula
te
d
tra
ns
it
io
n
pe
rio
d
e
nd
s
the
node
m
ight
pau
se
for
a
s
el
ect
ed
per
i
od
of
y
our
tim
e
bef
ore
beg
i
nn
i
ng
it
s
transiti
on
to
w
ard
s
subse
qu
e
nt
wayp
oin
t
.
Nodes
within
the
sim
ulati
o
n
disc
overe
d
m
ov
e
consi
ste
nt
with
a
m
od
el
that'
s
ac
knowle
dge
because
the
“
r
andom
waypo
i
nt”
m
od
el
sel
ect
s
an
ob
l
ong
fiel
d.
Qu
al
it
y
m
od
el
s
we
re
c
reated
f
or
t
he
sim
ulati
on
s
m
ist
reat
m
ent
thirty
-
on
e
node
s,
m
os
t
sp
ee
d
of
twe
nty
m
/s,
topolo
gy bo
undar
y
of a th
ous
and × a t
hous
a
nd and
sim
ulatio
n
ti
m
e o
f fifty
sec.
The
i
ns
tr
uctions o
f
e
xp
e
rim
enting
the
sim
ula
ti
on
ca
n be e
xp
la
ined
as
foll
ows:
Fo
r
a
naly
zi
ng
giv
e
n
sce
nar
i
os t
he
n wr
it
e do
wn TCL sc
ript
then si
m
ulate
b
y ns2.
The
n
the
traces
f
il
e an
d nam
e file
which is
cr
eat
ed
du
rin
g
e
xecu
ti
ng
TCL
scripts
for
eac
h si
ngle
sc
ena
ri
o.
Creat
e a f
i
nal pro
ce
dure.
Creat
e
nodes
wh
ic
h
will
be
pr
e
sent
the
s
pecific
to
polo
gy.
H
ere
i
n
e
xp
e
rim
ents
each
sce
nar
i
o
ha
s
nu
m
ber
s
of
nodes.
Creat
e
the
wa
y
of
co
nnect
io
n
betwee
n
node
s
way
po
i
nts
t
o
represe
nts
w
irel
ess
co
nnect
ion
or
li
nks
t
o
connect
th
e
nodes
i
n
L
AN.
Set
up
the LAN
by
s
pecifyi
ng
the
no
des,
a
nd
assig
n
val
ues
for
ba
ndwidt
h,
delay
,
que
ue
ty
pe
an
d
cha
nn
el
to it
.
Sp
eci
fic
the
prot
oco
ls
to
se
nd
i
ng
m
essag
e
or
po
c
kets
su
c
h
as
TCP
and
/
or
UDP
c
onnecti
on(s
)
a
nd
the FT
P/C
BR
.
Sche
du
le
t
he
di
ff
ere
nt e
ven
ts
li
ke
sim
ulatio
n st
art an
d st
op, dat
a tra
ns
m
issio
n st
arts a
nd st
op.
Ca
ll
the f
inis
h proce
dure a
nd
m
ention
th
e ti
m
e at wh
at
ti
m
e your sim
ulatio
n wil
l en
d.
Exec
ute the
scr
ipt wit
h ns
.
Table
s
1
a
nd
2
sh
ow
both
h
y
pe
r
-
par
am
et
ers
and p
a
ram
et
ers
of the
sim
ulatio
n res
pecti
vely
.
Table
1
. Si
m
ul
at
ion
’s
h
y
per
-
pa
ram
et
ers
Para
m
eter
Sp
ecif
icatio
n
Interf
ace
W
ire
less
Pack
et Size
5
1
2
By
te
Qu
eu
e L
en
g
th
50
No
.
o
f
Nod
es
31
Si
m
u
latio
n
Ar
e
a
1
0
0
0
x
1
0
0
0
Si
m
u
latio
n
T
i
m
e
5
0
Secon
d
Mob
ility Mo
d
el
Ran
d
o
m
W
a
y
p
o
in
t
Tr
an
s
m
iss
io
n
Ran
g
e
2
5
0
m
Tr
af
f
ic M
o
d
el
CBR
Ban
d
wid
th
2
m
b
p
s
Table
2
. Si
m
ul
at
ion
’s
p
a
ram
e
te
rs
Para
m
eters
Valu
e
Ty
p
es o
f
attacks
TCP tr
af
f
ic with
ra
n
d
o
m
seq
u
en
ce nu
m
b
ers
TCP f
lo
o
d
TCP SY
N f
lo
o
d
ICMP
f
lo
o
d
Sp
o
o
f
i
n
g
Inv
alid
pro
to
co
l num
b
er
Attack
ers
6
attackers no
d
e
Legiti
m
at
e
1
legiti
m
ate no
d
e
Victi
m
1
victi
m
no
d
e
Ty
p
es o
f
attackin
g
CPU
-
ex
ten
siv
e att
acks
Leng
th
and
du
ratio
n
cu
sto
m
pack
et
len
g
th
and
du
ration
3.
RESU
LT
S
A
ND AN
ALYSIS
To
analy
se
the
per
f
orm
ance
of
the
N
S
-
2
sim
ula
tor,
the
re
will
be
five
cases
of
sim
ulatio
n
that
ha
d
been
done
.
The
first
sim
ul
at
ion
is
done
in
TCP
traff
ic
,
seco
nd
sim
ulati
on
is
done
in
TCP
flood,
thi
r
d
si
m
ulati
on
is
done
in
TCP
S
YN
flo
od,
f
ourth
sim
ulati
on
i
s
done
i
n
ICMP
flo
od
a
nd
fifth
sim
ulatio
n
done
in s
poof
i
ng.
Evaluation Warning : The document was created with Spire.PDF for Python.
In
t J
Elec
&
C
om
p
En
g
IS
S
N:
20
88
-
8708
A com
pr
ehe
ns
i
ve stu
dy of dist
ribu
te
d Den
i
al
-
of
-
Service
attack wi
th t
he de
te
ct
ion
tech
niques
(
H
. H.
Ibra
him
)
3689
3.1
.
Simul
at
io
n
resul
t
of T
C
P t
r
affic
A
hiera
rch
ic
al
desig
n
en
forc
ed
to
m
ake
wireless
sit
uation
and
local
are
a
networ
k
sit
ua
ti
on
.
T
his
desig
n
inclu
de
s
a
ro
ot
no
de
and
3
to
fou
r
cl
us
te
rs
sub
ne
tworks
it
is
dep
en
ds
on
the
at
ta
ck
as
are
sho
w
n
within
the
ne
xt
sect
ion
.
E
ve
ry
cl
us
te
r
in
cl
ud
es
m
ob
il
e
nodes.
T
he
hierar
c
hical
de
sign
is
ad
diti
on
al
ly
non
-
pu
blic
addressin
g
them
e.
A
po
ol
of
pe
r
so
na
l
ad
dr
ess
i
s
getti
ng
us
e
d
for
distri
bu
ti
on
pr
i
vate
ad
dr
es
s
to
ever
y
node
in
each
cl
us
te
r.
At
the
be
ginni
ng
of
sim
ulatio
n
e
ve
ry
tim
e
associat
e
ad
dress
is
bein
g
pi
cked
up
from
add
ress
pool
a
nd
assig
n
to
the
pr
e
sent
node.
Wh
e
n,
a
cl
us
te
r
node
de
sires
to
s
pea
k
with
al
te
r
nativ
e
node
that
resides
in
al
te
rn
at
ive
cl
ust
er,
al
l
the
tra
f
fic
flo
ws
from
root
no
de.
Within
cl
us
te
r
node
will
com
m
un
ic
at
e
directl
y w
hile no
t
f
orward
in
g t
raffic
to
e
ntry
way.
Hierarc
hical
de
sign
is
getti
ng
use
d
i
n
im
pl
e
m
entat
ion
as
a
resu
lt
of
a
ggressor
node
de
sires
to
at
ta
ck
a
node
that flo
w
m
os
t
traff
ic
of
t
he
net
work.
Durin
g
this
sit
uation,
m
os
t
network
tra
ff
ic
fl
ow
s f
r
om
ro
ot
node.
A
s
it
ca
n
be
se
en
in
Fi
gure
3
after
t
he
r
un
si
m
ula
ti
on
f
or
D
DoS
at
ta
ck
in
222.0
M
S
the
at
ta
ck
sta
rts
t
o
sen
d
po
c
kets
from
nodes
to
ye
ll
ow
node
w
hich
represe
nts
the
victim
co
m
pu
te
r
or
ser
ve
r.
A
fter
a
wh
il
e
cause
of
the
huge
num
ber
s
of
po
c
kets
sen
ds
the
se
r
ve
r
will
be
st
oppe
d
or
kill
ed
an
d
can
not
recei
ve
any
request
s
from
any
com
pu
te
r
.
As
s
how
n
i
n
t
he
gr
a
ph
in
Fi
gure
4.
As
To
po
l
og
y
c
oncer
n,
t
her
e
are
on
ly
two
data
co
nn
ect
io
n
betwee
n
cl
us
te
rs
f
or
e
xperim
ent
pur
pose,
one
f
ro
m
cl
us
te
r
15
t
o
16
a
nd
a
no
t
her
with
6,
7,
8,
to
9
as
s
how
n
i
n
Figure
5
.
Figure
3
.
N
et
w
ork
t
opology
Figure
4
.
N
et
w
ork
t
opology
w
it
h
TCP
flo
w
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2088
-
8708
In
t J
Ele
c &
C
om
p
En
g,
V
ol.
10
, No
.
4
,
A
ugus
t
2020
:
3685
-
3694
3690
Figure
5
.
DD
oS at
ta
cks
3.2
.
Simul
at
io
n
resul
t
of T
C
P
flo
od
In
this
th
esi
s,
s
ect
ion
a
scena
r
io
f
or
eac
h
DDoS
at
ta
c
k
will
be
sim
ulate
d.
So
m
e
of
t
he
to
po
l
og
y
will
be
wireles
s
an
d
ot
her
s
WL
A
N.
T
he
sim
ulatio
n
sce
nar
i
o
of
this
ty
pe
of
at
t
ack
co
ns
ist
s
of
5
gro
ups
eac
h
gro
up
has 7
nodes
.
Nu
m
_nod
e
s =
nu
m
_grou
p * n
um
_s
iz
e
So
,
the
Nu
m
ber
of
N
odes
35
nodes
.
M
essag
e
port
is
forty
-
two
to
sen
d
m
essage
ki
nd
one
cl
us
te
r
t
o
al
te
rn
at
ive;
ev
ery
age
nt
kee
ps
track
of
w
ha
t
m
essages
it
'
s
seen
a
nd
so
le
l
y
fo
r
wa
rd
s
t
ho
se
that
it
hasn
'
t
seen
befor
e
.
T
his
dem
on
strat
io
n
conj
oin
tl
y
incl
ud
e
s
a
ser
ver
an
d
a
com
m
un
ic
at
io
ns
pro
tocol
bac
klog
qu
e
ue
.
The
com
m
un
ic
at
ion
s
pr
oto
c
ol
back
l
og
qu
e
ue
is
e
m
plo
ye
d
to
carry
a
pac
ke
t’s
request,
ti
ll
it
receives
it
s
fina
l
ackno
wled
gem
ent
or
ti
ll
it
s
per
i
od
of
ti
m
e
exp
ires
.
I
niti
al
the
con
s
um
e
r
sen
ds
a
SYN
pac
ket
requ
est
to
the
ser
ve
r.
O
nc
e
the
se
rv
e
r
re
cei
ves
the
pac
ket,
it
se
nd
s
ba
ck
to
the
sen
de
r
node
a
S
YN
-
ACK
re
qu
est
pa
cket.
The
cl
ie
nt
’s
r
equ
e
st
is
hold
on
the
com
m
un
ic
at
ion
s
prot
oco
l
bac
klog
qu
e
ue.
As
befor
e
lo
ng
be
caus
e
the
co
nsum
er
receives
the
S
Y
N
-
ACK
re
qu
es
t,
it'
ll
rep
ly
to
the
ser
ve
r
with
a
SYN
-
ACK
-
ACK.
The
ser
ve
r
can
receive
t
he
cl
ie
nt’s
SYN
-
AC
K
-
ACK
an
d
a
n
ass
ociat
ion
to
the
se
r
ver
i
s
est
ablishe
d.
The
cl
ie
nt’
s
init
ia
l
request
is
al
oof
from
the
com
m
un
ic
at
ion
s
pr
oto
c
ol
back
l
og
queue
.
T
he
m
et
hod
ca
n
c
onti
nu
e
du
rin
g
this
sam
e
m
ann
er
w
hen
e
ver
a
bran
d
-
ne
w
re
quest
h
as
arr
ive
d.
Each
m
essage is of the
s
hap
e "
ID
:
DA
T
A" whe
re
ver
ID
i
s
a
few
a
rb
it
ra
r
y
m
essage
sym
bo
l
and
knowle
dge
is
that
the
payl
oa
d.
So
as
t
o
cut
back
m
e
m
or
y
us
a
ge,
the ag
e
nt st
or
e
s so
le
ly
the m
essage
ID
as s
how
n
i
n
Fi
gure
6
.
Figur
e
6.
TCP
flo
od
i
ng att
ack
3.3
.
Simul
at
io
n
resul
t
of
SYN TC
P
fl
ood
The
S
YN
fl
ood
at
ta
ck
dem
on
strat
es
a
two
-
way
ackno
wle
dg
em
ent.
This
dem
on
strat
ion
exh
ibit
s
of
howe
ver
ass
oc
ia
te
deg
ree
act
ual
SYN
fl
ood
at
ta
ck
happe
ns
and
w
hat
ha
ppen
s
thr
ough
out
that
point
a
m
ou
nt.
The
t
opology i
nclu
des
t
hirty
-
f
ive no
des node
zero is se
rv
e
r.
Tw
o
no
des, w
hose c
olor is
red, r
e
pr
ese
nt
victim
s.
Evaluation Warning : The document was created with Spire.PDF for Python.
In
t J
Elec
&
C
om
p
En
g
IS
S
N:
20
88
-
8708
A com
pr
ehe
ns
i
ve stu
dy of dist
ribu
te
d Den
i
al
-
of
-
Service
attack wi
th t
he de
te
ct
ion
tech
niques
(
H
. H.
Ibra
him
)
3691
The
se
rver
is
t
hat
the
ta
rg
et
e
d
nodes,
the
protoc
ol
dr
op
ta
i
l
qu
e
ue
st
or
es
al
l
received
S
YN
re
qu
e
st
wi
th
their
inf
or
m
at
ion
sci
ence
a
ddresse
s
.
T
he
wait
tim
e
is
that
t
he
li
fes
pan
of
e
ve
ry
pa
cket
since
it
ha
d
bee
n
r
ecei
ve
d
by
the
ser
ve
r
a
nd
wait
s
f
or
a
fi
na
l
ackno
wled
ge
m
ent
from
the
assai
la
nt.
T
hro
ughout
t
he
S
Y
N
fl
ood
at
ta
ck,
a
m
ix
of
at
ta
cke
rs
a
nd
tr
aditi
onal
com
pu
te
rs
be
gi
n
to
f
or
m
req
ue
sts
to
asce
rtai
n
an
as
so
c
ia
ti
on
to
the
s
erv
e
r
.
Atta
cker
s
ca
n
beg
i
n
causa
ti
on
out
an
outsi
zed
va
riet
y
of
[*
f
r
1]
op
e
n
S
YN
pack
et
s
,
em
plo
yi
ng
a
sp
oofe
d
su
pply
inf
orm
at
ion
sci
ence
address
,
to
f
orm
lette
r
of
inv
it
at
ion
t
o
at
ta
ch
to
the
se
rv
e
r.
T
he
pac
ket
of
the
at
ta
cker’s SYN
re
qu
e
st
pa
cket
is
BLAC
K.
O
nce
t
he
se
rv
e
r
recei
ves
the
r
e
quest
it
'll
trans
port
a
SYN
-
ACK
request
to
the
sp
oo
fed
in
f
orm
at
ion
sci
ence
address
an
d
e
xp
ect
it
s
respo
ns
e
that
it
'll
ne
'er
receive
.
The
pack
et
colo
r
c
hanges
to
YE
LL
O
W.
Ever
y
re
qu
est
is
go
i
ng
to
be
keep
withi
n
th
e
prot
oco
l
bac
klog
qu
e
ue
a
nd
c
a
n
exp
i
re
onc
e
it
s
wait
tim
e
ru
ns
ou
t.
F
or
this
dem
o
the
wait
tim
e
is
fo
un
d
ne
xt
to
every
pack
et
s
re
quest
on
the
pr
oto
c
ol
ba
cklo
g
qu
e
ue.
At
a
sim
il
ar
tim
e,
the
re
gula
r
com
pu
te
rs
c
a
n
beg
i
n
c
reati
ng
requests
t
o
a
tt
ach
to
the
ser
ver
ye
t.
The
pr
oto
c
ol
ba
cklo
g
que
ue
can
be
c
om
e
fu
ll
since
it
’s
at
t
e
m
pting
to
m
e
thod
re
qu
e
st
quic
ke
r
than
it
will
ha
ndle
th
em
.
At
now
a
tras
h
bi
n
and
a
lock
.
Th
e
loc
k
re
pr
ese
nt
s
the
pr
oto
c
ol
back
l
og
queue
is
f
ull
so
no
ne
w
SYN
request
m
a
y
be
acce
pted.
The
trash
bin
rep
rese
nts
a
nu
m
ber
of
the
pack
et
s
bein
g
bo
r
n.
It
sh
ows
acce
s
s
bein
g
de
nied
as
a
resu
lt
of
the
protoc
ol
ba
cklo
g
queu
e
is
fu
ll
.
O
nce
th
e
wait
tim
e
of
ever
y
pack
et
,
that
is
xxxii
sec
onds
for
this
dem
onstrat
ion
,
r
uns
dow
n
the
S
YN
pac
ket
are
goi
ng
to
be
al
oof
from
the pr
oto
c
ol b
a
cklo
g qu
e
ue
.
T
he new
inc
om
i
ng p
ac
kets a
re
go
i
ng to be a
cc
epted
a
s s
how
n i
n
Fi
gure
7
.
Figure
1
.
S
YN
flo
od
i
ng
3.4
.
Simul
at
io
n result
of I
C
MP
flo
od
TCP
an
d
ICMP
ha
ve
bee
n
use
d
to
ge
ne
rati
ng
traf
fic
f
or
gen
e
rati
ng
DDoS
flo
od.
Fl
ooding
at
ta
ck
s
den
y
ser
vice in
2
ways:
Gen
e
rati
ng a
n enorm
ou
s
vo
l
um
e o
f
tra
ff
ic
th
at
ex
ha
us
ts i
nfor
m
at
ion
m
eas
ur
e
on t
he back
bone
li
nks
.
Gen
e
rati
ng
a
high
pack
et
ra
te
that
ex
h
aus
ts
the
proce
ss
or
at
as
so
ci
at
e
de
gr
ee
i
nter
m
ediat
e
router
or
the
ta
r
get
ho
st.
D
ur
i
ng
this
ex
per
im
ent,
we'
ve
ge
ner
at
e
d
c
om
m
un
ic
at
ion
s
protoc
ol
a
nd
I
CM
P
inf
or
m
at
io
n
m
easur
e
f
l
ood
with F
LAT
, PULSE
and R
A
MP distri
bu
ti
ons t
o
at
ta
in att
acks
victim
iz
ati
on p
i
ng
.
Ping
ena
ble
node
to
ve
rify
t
hat
in
form
at
ics
exists
a
nd
se
tt
le
fo
r
r
e
quest
.
Pin
g
w
orks
by
causati
on
a
web
m
anage
m
ent
Me
ssag
e
Protoc
ol
(IC
MP)
Ech
o
Re
qu
est
to
suc
h
inter
face
on
the
netw
ork
a
nd
antic
ipati
ng a reply
. After e
xe
cute the
co
de
t
he next
proces
s
will
b
e
sho
w
n
a
s
foll
ow
:
Node 1
receive
d pin
g
a
nswer
from
4
.
Node 2
receive
d pin
g
a
nswer
from
5
.
Node 3
receive
d pin
g
a
nswer
from
6
.
Node 4
receive
d pin
g
a
nswer
from
1
.
Node 5
receive
d pin
g
a
nswer
from
2
.
Node 6
receive
d pin
g
a
nswer
from
3
.
No poc
kets
ha
ve
been d
r
oppe
d.
Af
te
r
that
eac
h
si
ng
le
node
gets
ping
ans
wer
,
h
ere
ther
e
are
no
pac
ke
ts
dro
pp
e
d
since
t
her
e
i
s
a d
irect
c
onnec
ti
on
betwee
n
al
l t
he
pai
r of
no
des via
node 0.
Node 2
gets
pi
ng answe
r fr
om
5
w
it
h
r
ound
-
trip
-
tim
e 2
22.
0
m
s.
Node 3
gets
pi
ng
an
swe
r fr
om
6
w
it
h
r
ound
-
trip
-
tim
e 2
01.
0
m
s.
Node 5
gets
pi
ng answe
r fr
om
2
w
it
h
r
ound
-
trip
-
tim
e 2
22.
0
m
s.
Node 6
gets
pi
ng answe
r fr
om
3
w
it
h
r
ound
-
trip
-
tim
e 2
01.
0
m
s.
No of
pac
kets
dro
pp
e
d:
2
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2088
-
8708
In
t J
Ele
c &
C
om
p
En
g,
V
ol.
10
, No
.
4
,
A
ugus
t
2020
:
3685
-
3694
3692
Figure
8
de
pi
ct
s
the
afo
re
m
entioned
nodes.
T
her
e
fore
this
is
o
ften
so
m
e
tim
es
no
t
a
decen
t
al
te
rn
at
ive.
Us
ing
sim
ple
al
go
rithm
in
the
victim
’s
router
to
c
hec
k
t
he
siz
e
of
the
pockets
,
t
he
poc
ket
siz
e
with
gr
eat
er
th
an 150
0 byt
es
, i
ts IP
will
b
e
blo
ck
e
d
f
or
30 m
inu
te
s.
Figure
2
.
ICM
P f
l
ood
3.5
.
Sim
ul
at
io
n
resul
t
of s
poof
in
g
A
spoofin
g
at
ta
ck
cou
l
d
be
a
sta
te
of
aff
ai
rs
durin
g
wh
ic
h
associa
te
assai
la
nt
with
su
ccess
m
asqu
era
des
as
ass
ociat
e
ot
her
node
by
determ
inati
on
knowle
dge
a
nd
the
re
by
gai
ning
a
n
il
le
gitim
at
e
adv
a
ntage
.
T
hi
s
at
ta
ck
co
ns
ist
s
in
ta
r
geting
r
ou
ti
ng
data
w
he
reas
it
'
s
being
exc
hange
d:
m
akin
g
r
outi
ng
loops,
at
tract
ing
or
offensi
ve
net
work
tra
ff
ic
f
ro
m
sel
ect
ed
nodes
,
e
xten
din
g
an
d
shorte
ning
s
upply
r
ou
te
s
,
gen
e
rati
ng
pr
e
te
nd
e
rro
r
m
e
ssages,
pa
rtit
ion
i
ng
the
net
work
,
et
c.
Whi
ch
the
at
ta
c
ke
r
tra
ns
m
it
s
bu
rsts
of
durati
on
L
at
r
at
e
R
in
a
dete
r
m
inist
ic
on
-
off
patte
rn
that
ha
s
pe
rio
d
T.
Wh
en
the
rate
R
c
oupled
with
e
xi
sti
ng
traff
ic
beco
m
es
gr
eat
e
r
tha
n
the
li
nk
ca
paci
ty
loss
is
incu
r
red.
Eac
h
sim
ulati
on
done
is
seen
as
i
n
Fig
ur
e
9
with
the
at
ta
cking
no
de
bein
g
seen
as
the
red
node
a
nd
the
genuine
no
des
as
tho
se
in
bla
ck.
T
he
nodes
were
init
ia
ll
y
si
m
ula
te
d
betwee
n
two
e
xtrem
es
of
7
no
des
an
d
20
nodes
a
nd
pro
gr
essi
vely
i
ncr
ease
d
in
be
twee
n
that ra
ng
e
dur
i
ng the
stress te
sti
ng
phase
of the
pro
j
ect
.
Figure
3
.
S
poofi
ng att
ack
By
set
ti
ng
the
durati
on
L
to
be
m
or
e
tha
n
the
RTT
of
t
he
flo
ws
a
nd
peri
od
T
t
o
be
sli
gh
tl
y
m
or
e
than
m
ini
m
u
m
RTO
value
,
TCP
flo
ws
can
be
f
or
c
ed
to
rep
eat
edly
ti
m
e
ou
t,
thu
s
obta
inin
g
virt
ua
ll
y
zero
thr
oughputs.
A
fter
exec
ute
d
the
TCL
c
od
e
t
her
e
a
re
th
ree
extra
file
s
will
be
ge
ne
rated
the
file
with
nam
e
ICMP
with
tr
extensi
on
will
be
us
e
d
to
ge
ne
rate
xgra
pgh
as
sho
wn
in
Figure
10.
T
o
s
um
up
,
this
st
udy
has
su
ccess
fu
ll
y
ac
com
pl
ished
th
e
obj
ect
ive
s
in
wh
ic
h
a
c
om
pr
ehe
ns
ive
sim
u
la
ti
on
has
bee
n
co
nducted
in
orde
r
to h
i
gh
li
ght
ne
w
at
ta
cks
.
Evaluation Warning : The document was created with Spire.PDF for Python.
In
t J
Elec
&
C
om
p
En
g
IS
S
N:
20
88
-
8708
A com
pr
ehe
ns
i
ve stu
dy of dist
ribu
te
d Den
i
al
-
of
-
Service
attack wi
th t
he de
te
ct
ion
tech
niques
(
H
. H.
Ibra
him
)
3693
Figure
4
.
Xgr
a
ph for ICM
P
at
ta
ck
4.
CONCL
US
I
O
N
This
paper
ha
s
co
nducte
d
a
com
pr
ehe
ns
i
ve
sim
ulatio
n
i
n
order
to
fi
gure
out
a
nd
de
te
ct
DDoS
at
ta
cks.
Usi
ng
NS
-
2
sim
ul
at
or
,
the
e
xp
erim
ents
sh
ow
ed
t
hat
dif
f
eren
t
ty
pes
of
D
DoS
ha
ve
been
char
act
e
rized, exam
ined
and
detect
ed.
T
his
i
m
plies t
he
eff
ic
acy
o
f
the com
pr
ehen
sive si
m
ula
ti
on
pro
pose
d
by
this
stu
dy.
F
or
fu
t
ur
e
resea
rc
hes,
exam
ining
s
pecified
net
works
s
uch
as
IoT
in
te
rm
s
of
co
nf
i
gurin
g
D
DoS
would be
a
gr
e
at
o
pp
or
t
un
it
y.
ACKN
OWLE
DGE
MENTS
I
w
ou
l
d
li
ke
to
than
k
Sam
a
Abd
ullah
f
or
he
r
sup
port
and
e
nc
oura
gem
ent
du
ri
ng
m
y
stud
y.
Y
our
co
ntin
uous
help
a
nd
unde
rstan
ding
ha
ve
m
ade
m
y
li
fe
fu
ll
of
l
ove
an
d
I
am
gr
at
efu
l
f
or
eve
r
yt
hing
you ha
ve done.
REFERE
NCE
S
[1]
Q.
Yan,
and
F.
R.
Yu,
“
Distribut
ed
denial
of
ser
vic
e
a
ttacks
in
software
-
def
ine
d
net
working
with
cl
oud
computin
g,
”
IEE
E
Comm
unications
Magazine
,
vol
.
53
,
no
.
4
,
p
p.
52
-
59
,
2015
.
[2]
S.
Sw
at
hi,
and
H.
Yogish,
“
S
ec
ure
d
at
a
agg
r
ega
t
ion
in
IoT
using
eff
ic
i
ent
-
CS
DA
,
”
Inte
r
nati
onal
Journal
of
El
e
ct
rica
l
and
C
omputer
Engi
n
e
ering
(
IJE
CE
),
v
ol.
9
,
no
.
6
,
pp
.
4
889
-
48
97,
2019
.
[3]
A.
Ri
y
ad
,
M.
A
hm
ed,
and
R
.
K
han,
“
An
ada
p
tive
distri
bu
te
d
in
trusion
detec
ti
o
n
s
y
stem
ar
chi
t
e
ct
ure
using
m
ulti
age
nts,
”
In
te
rnat
ional
Journal
of
El
e
ct
rica
l
and
C
omputer
Engi
n
e
ering
(
IJE
CE
),
v
ol.
9
,
no
.
6
,
pp
.
4
951
-
4960,
2019
.
[4]
B.
Am
bore
,
“
Novel
m
odel
for
boosting
sec
ur
ity
strengt
h
an
d
ene
rg
y
eff
ic
i
ency
in
in
te
rn
e
t
-
of
-
thi
ngs
usin
g
m
ult
i
-
stage
d
ga
m
e,
”
Inte
r
nat
io
nal
Journal
of
El
ectric
al
and
Computer
Engi
nee
ring
(
IJE
C
E
),
vol.
9,
no.
5,
pp.
4326
-
4335
,
2019.
[5]
S.
Alja
warne
h
,
M.
A
ldwai
ri
,
a
nd
M.
B.
Yass
ei
n,
“
Anom
aly
-
base
d
int
rusion
det
e
ct
ion
s
y
ste
m
through
fea
t
ure
sele
c
ti
on
an
aly
si
s
and
buil
ding
h
y
brid
eff
i
ci
en
t
m
odel
,
”
Journal
of
Computati
on
al
Sci
en
ce,
vol.
25,
pp.
152
-
160
,
2018.
[6]
H.
Hind
y
,
D.
Br
oss
et
,
E.
Ba
y
ne
,
A.
Seea
m
,
C.
Ta
cht
a
tz
is,
R.
Atki
nson,
and
X.
Bel
le
k
ens,
“
A
ta
xonom
y
and
surv
e
y
of
int
rusion
de
tecti
on
s
y
s
te
m
de
sign
te
chn
ique
s,
net
work
threat
s
and
dataset
s,
”
arXiv
preprint
a
rXiv
:1806.
03517
,
2018.
[7]
P.
Mishra,
V.
V
ara
dhar
ajan,
U.
Tupa
kul
a,
and
E
.
S.
Pill
i,
“
A
Det
ai
l
ed
Inve
stig
at
i
on
and
Anal
y
sis
of
Us
ing
Mac
hi
ne
Le
arn
ing
Techn
ique
s
for
Intrusion
Detect
ion
,
”
IEE
E
Comm
unic
ati
ons
Surve
ys
&
Tutor
ial
s,
vol.
21,
no
.
1,
pp.
686
-
728
,
20
19.
[8]
Z.
Ta
n
,
A.
Jamd
agni
,
X.
He,
P.
Nanda
,
and
R.
P.
Li
u,
“
A
sy
ste
m
for
deni
al
-
of
-
servic
e
a
tt
a
ck
det
e
ct
ion
base
d
o
n
m
ult
iva
ri
at
e
cor
rel
a
ti
on
ana
l
y
si
s,”
IE
EE
transacti
ons
on
par
all
el
and
distri
bute
d
syst
ems,
vol.
25,
no
.
2
,
pp.
447
-
456
,
20
14.
[9]
N.
L
y
amin,
A.
Vinel
,
M.
Jons
s
on,
and
J.
Loo,
“
Rea
l
-
ti
m
e
de
tecti
on
of
denial
-
of
-
servic
e
at
t
ac
ks
in
IEE
E
802.
11
p
vehi
cu
la
r
n
et
wor
ks,”
IE
EE Comm
unic
ati
ons
le
t
t
ers,
vol
.
18
,
no
.
1,
pp
.
110
-
113
,
2014.
[10]
H.
Zha
ng,
P.
Cheng,
L.
Shi,
an
d
J.
Chen,
“
Opt
imal
deni
a
l
-
of
-
service
at
t
ac
k
sc
hedul
i
ng
with
e
ner
g
y
constra
in
t
,
”
IEE
E
Tr
ansacti
o
ns on
Aut
omat
ic
Control,
vo
l. 60, no. 11, pp. 3023
-
3028,
2015
.
[11]
B.
A.
Ta
m
a
,
a
nd
K.
-
H.
Rhee,
“
An
in
-
dept
h
expe
riment
al
st
ud
y
of
anoma
l
y
det
e
ct
ion
usin
g
gra
die
n
t
boosted
m
ac
hine
,
”
N
eural
Computing
an
d
Applicatio
ns,
v
ol.
31
,
no
.
4
,
pp
.
955
-
965,
2019
.
[12]
I.
Ulla
h
,
and
Q
.
H.
Mahm
oud,
“
A
Two
-
Le
vel
H
y
brid
Mod
el
for
Anom
al
ous
Acti
vity
Det
ection
i
n
IoT
Networks
,
”
2018
Iranian
Co
nfe
renc
e
on
Elec
tric
al
Engi
n
ee
ri
ng
(
ICEE
)
,
pp.
1
-
6
,
2019
.
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2088
-
8708
In
t J
Ele
c &
C
om
p
En
g,
V
ol.
10
, No
.
4
,
A
ugus
t
2020
:
3685
-
3694
3694
[13]
C.
Kham
m
assi,
and
S.
Krich
en
,
“
A
GA
-
LR
wra
pper
appr
o
ac
h
f
or
fea
tur
e
sel
ecti
on
in
net
work
in
trusion
detec
t
ion
,
”
Computers
&
Se
curit
y
,
vol
.
70
,
p
p.
255
-
277
,
201
7.
[14]
N.
Shone,
T.
N.
Ngoc,
V.
D.
Pha
i,
an
d
Q.
Shi
,
“
A
Dee
p
Learni
n
g
Approac
h
to
Network
Intrusion
Detect
ion
,
”
I
EEE
Tr
ansact
ions o
n
Eme
rging Topics
in
Computat
io
nal
Int
el
l
ige
nc
e,
vol.
2
,
no
.
1
,
pp
.
41
-
50,
2018
.
[15]
S.
N.
Mighan
,
and
M.
K
ahani,
“
Dee
p
Lear
ning
Based
La
t
ent
Fea
ture
Extrac
t
ion
for
In
tr
usion
Detect
ion
,
”
pp.
1511
-
1516
,
2018
.
[16]
V.
Haji
sa
le
m
,
a
nd
S.
Bab
ai
e
,
“
A
h
y
b
rid
in
trusi
on
detec
t
ion
s
y
s
te
m
base
d
on
ABC
-
AF
S
al
gorithm
for
m
isuse
and
anomal
y
de
tection,”
Comput
er
Net
works,
vo
l. 1
36,
pp
.
37
-
50
,
2
018.
[17]
M.
Şim
şek,
and
A.
Şentürk,
“
Fast
and
li
ghtw
ei
ght
de
te
c
ti
on
and
fil
t
eri
ng
m
et
hod
for
low‐r
at
e
TCP
ta
r
gete
d
distri
bute
d
d
enia
l
of
service
(LD
DoS
)
at
ta
cks,
”
I
nte
rnational
Jou
rnal
of
Comm
unic
ati
on
S
yste
ms
,
vol.
31,
no.
18
,
pp.
e3823
,
2018
.
[18]
E.
Bukha
rov,
D.
Z
y
bin,
A.
Solo
vie
v,
and
A.
Ka
la
ch
,
“
Mathe
m
atical
sim
ula
ti
on
of
count
e
rm
ea
sures
to
a
tt
a
cks
of
“
deni
al
of
serv
ic
e
”
t
y
p
e
with
the
use
of
ga
m
e
the
or
y
appr
oac
h
,
”
Journal
of
Ph
ysic
s:
C
onfe
renc
e
Seri
e
s,
p
p.
012076
,
201
9.
[19]
X.
W
ang,
N.
Gu
o,
F.
Gao
,
and
J.
Feng,
“
Distribu
te
d
den
ia
l
of
ser
vic
e
at
t
ac
k
d
efence
sim
ula
t
ion
b
ase
d
on
hone
y
n
e
t
te
chno
log
y
,
”
Jo
urnal
of Ambie
nt
Intelli
g
ence
and
Hum
anized
Co
mputing
,
pp
.
1
-
1
6,
2019
.
[20]
T.
K.
Mohd,
S.
Majumdar,
A.
Mathur,
and
A.
Y.
Java
id
,
“
Sim
ula
ti
on
and
Anal
y
sis
of
DD
oS
Attack
on
Conn
ecte
d
Autonom
ous
Vehic
ul
ar
Network
using
OMNET
++
,
“
2018
9th
IEE
E
Annua
l
Ubiquit
ous
Computing,
El
ec
troni
cs
&
Mobil
e
Comm
unic
ati
on
Conf
ere
n
ce
(
UEMCON)
,
pp.
502
-
508
,
20
18
.
[21]
S.
Mohapa
tra,
a
nd
P.
Kanungo,
“
Perform
anc
e
ana
l
y
s
is
of
AO
DV,
DS
R,
OLSR
a
nd
DS
D
V
routi
ng
protoc
ols
using
NS
2
Sim
ula
tor,
”
Proce
d
ia Engi
n
ee
ring,
vol
.
30
,
pp.
69
-
76
,
2012
.
[22]
A.
Le
on,
O.
Par
ra,
and
G.
B
ermudez
,
“
LAN
-
W
AN
-
LAN
end
-
to
-
end
Network
Sim
ula
ti
on
with
N
S2,”
Inte
rnat
ion
al
Journal
of
Appli
ed
Eng
ine
ering
Re
search,
vol
.
1
3,
no
.
17
,
pp
.
13
136
-
13140,
201
8.
[23]
P.
S.
Rat
hore
,
A.
K.
Pande
y
,
an
d
D.
N.
Le
,
“
Co
m
pute
r
Network
Sim
ula
ti
on
in
NS
2:
Basic
Con
ce
pts
&
Protoco
ls
Im
ple
m
ent
at
ion
,
”
2018.
[24]
R.
Patel,
N.
Pat
el
,
and
S.
Pa
te
l
,
“
An
Approac
h
to
Anal
y
z
e
Beh
avi
or
of
Ne
twork
Eve
nts
in
NS
2
and
NS
3
Us
ing
AW
K a
nd
Xgraph,
”
In
formation
and
Comm
unication
Te
chnol
og
y
for Compe
ti
t
ive
Strat
egi
es
,
pp
.
137
-
147
,
2019
.
[25]
P.
Mee
negh
an,
a
nd
D.
Del
aney
,
“
An
int
roduc
ti
o
n
to
NS
,
Nam
a
nd
OTc
l
scriptin
g,
”
Na
ti
onal
Uni
ve
rs
it
y
of
Ire
lan
d
,
2004.
Evaluation Warning : The document was created with Spire.PDF for Python.