CFP last date
20 January 2025
Reseach Article

Router Forensic Analysis against Distributed Denial of Service (DDoS) Attacks

by Oldy Ray Prayogo, Imam Riadi
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 175 - Number 39
Year of Publication: 2020
Authors: Oldy Ray Prayogo, Imam Riadi
10.5120/ijca2020920944

Oldy Ray Prayogo, Imam Riadi . Router Forensic Analysis against Distributed Denial of Service (DDoS) Attacks. International Journal of Computer Applications. 175, 39 ( Dec 2020), 19-25. DOI=10.5120/ijca2020920944

@article{ 10.5120/ijca2020920944,
author = { Oldy Ray Prayogo, Imam Riadi },
title = { Router Forensic Analysis against Distributed Denial of Service (DDoS) Attacks },
journal = { International Journal of Computer Applications },
issue_date = { Dec 2020 },
volume = { 175 },
number = { 39 },
month = { Dec },
year = { 2020 },
issn = { 0975-8887 },
pages = { 19-25 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume175/number39/31708-2020920944/ },
doi = { 10.5120/ijca2020920944 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T00:40:42.314224+05:30
%A Oldy Ray Prayogo
%A Imam Riadi
%T Router Forensic Analysis against Distributed Denial of Service (DDoS) Attacks
%J International Journal of Computer Applications
%@ 0975-8887
%V 175
%N 39
%P 19-25
%D 2020
%I Foundation of Computer Science (FCS), NY, USA
Abstract

A Distributed Denial of Service (DDoS) attack is a multi-computer attack targeting a single device to increase the amount of network traffic and paralyze the target. The number of DDoS attacks continues to increase and has a more sophisticated variety of attacks so that an effective technique is needed to find out information related to these attacks. This research uses the Network Forensic Generic Process Model which has 8 stages, namely preparation, detection, collection, preservation, examination, analysis, investigation, presentation, and using the live forensic method in the data acquisition process. This research uses the help of tools including Snort, Wireshark, Elasticsearch, Kibana, and Logstash. This research succeeded in obtaining digital evidence containing information related to the attack, namely, there were 5 IP addresses for the attacker, attacks that occurred on port 80 TCP with one target IP address, attacker ID, the total number of attacks totaling 126,286 attack packets and the time of the attack. This research succeeded in obtaining data and information derived from the evidence obtained, from these results it can make it easier to strengthen security at existing points of vulnerability, or as digital evidence in court.

References
  1. Praseed, A. and Thilagam, PS (2018) 'DDoS Attacks at the Application Layer: Challenges and Research Perspectives for Safeguarding Web Applications', (c), pp. 1–26. doi: 10.1109 / COMST.2018.2870658 ..
  2. Imperva (2016) 'Global DDoS Threat Landscape', Global DDoS Threat Landscape Q1 2016. Available at: https://www.incapsula.com/ddos-report/ddos-report-q1-2016.html.
  3. santhi, BVP, Kanakam, P. and Hussain, SM (2017) 'Cyber ​​Forensic Science to Diagnose Digital Crimes- A study', International Journal of Computer Trends and Technology, 50 (2), pp. 107–113. doi: 10.14445 / 22312803 / ijctt-v50p119.
  4. Kolhe, M. and Ahirao, P. (2017) 'Live Vs Dead Computer Forensic Image Acquisition', International Journal of Computer Science and Information Technologies, 8 (3), pp. 455–457.
  5. Francisco, ARL (2016) Live Vs Dead Computer Forensic Image Acquisition, Journal of Chemical Information and Modeling. doi: 10.1017 / CBO9781107415324.004.
  6. Hambali, A. and Nurmiati, S. (2018) 'Implementation of Intrusion Detection System (IDS) on PC Server Security Against Flooding Data Attacks', 28 (1), pp. 35–43.
  7. Ahmed, AA (2017) 'Investigation approach for network attack intention recognition', International Journal of Digital Crime and Forensics, 9 (1), pp. 17–38. doi: 10.4018 / IJDCF.2017010102.
  8. Baishya, RC, Hoque, N. and Bhattacharyya, DK (2017) 'DDoS attack detection using unique source IP deviation', International Journal of Network Security, 19 (6), pp. 929–939. doi: 10.6633 / IJNS.201711.19 (6) .09.
  9. Pawade, AB and Waghmode, PST (2017) 'Denial-Of-Service Attack Detection Using Artificial Neural Network Based On Genetic Algorithm and Multivariate CorrelationAnalysis', International Journal of Innovative Research in Science, Engineering and Technology, pp. 13055–13062. doi: 10.15680 / IJIRSET.2017.0607097.
  10. Agrawal, S. and Singh Rajput, R. (2017) 'Denial of Services Attack Detection using Random Forest Classifier with Information Gain', International Journal of Engineering Development and Research, 5 (3), pp. 929–938. Available at: www.ijedr.org.
  11. Mazdadi, MI, Riadi, I. and Luthfi, A. (2017) 'Live Forensics on RouterOS using API Services to Investigate Network Attacks', International Journal of Computer Science and Information Security (IJCSIS), 15 (2), pp. 406–410.
  12. Ali, SHA et al. (2016) 'A neural network model for detecting DDoS attacks using darknet traffic features', Proceedings of the International Joint Conference on Neural Networks, 2016-Octob (November 2014), pp. 2979–2985. doi: 10.1109 / IJCNN.2016.7727577.
  13. Mualfah, D. and Riadi, I. (2017) 'Network Forensics For Detecting Flooding Attack On Web Server', IJCSIS) International Journal of Computer Science and Information Security, 15 (2), pp. 326–331. doi: 10.1016 / j.ecss.2004.08.013.
  14. Mazdadi, MI, Riadi, I. and Luthfi, A. (2017) 'Live Forensics on RouterOS using API Services to Investigate Network Attacks', International Journal of Computer Science and Information Security (IJCSIS), 15 (2), pp. 406–410.
  15. Onik, MMH et al. (2018) 'A Novel Approach for Network Attack Classification Based on Sequential Questions', Annals of Emerging Technologies in Computing, 2 (2), pp. 1–14. doi: 10.33166 / aetic.2018.02.001.
  16. Muhammad, AW, Riadi, I. and Sunardi, S. (2017) 'DDoS Attack Detection Using Neural Networks with Fixed Moving Average Window Function', JISKA (Sunan Kalijaga Informatics Journal), 1 (3), p. 115.doi: 10.14421 / jiska.2017.13-03.
  17. Mazdadi, MI, Riadi, I. and Luthfi, A. (2017) 'Live Forensics on RouterOS using API Services to Investigate Network Attacks', International Journal of Computer Science and Information Security (IJCSIS), 15 (2), pp. 406–410.
  18. Hambali, A. and Nurmiati, S. (2018) 'Implementation of Intrusion Detection System (IDS) on PC Server Security Against Flooding Data Attacks', 28 (1), pp. 35–43.
  19. Mualfah, D. and Riadi, I. (2017) 'Network Forensics For Detecting Flooding Attack On Web Server', IJCSIS) International Journal of Computer Science and Information Security, 15 (2), pp. 326–331. doi: 10.1016 / j.ecss.2004.08.013.
  20. Brian Sak, JRR (2016) Mastering Kali Linux Wireless Pentesting, Mastering Kali Linux Wireless Pentesting. Available at: http://apprize.info/linux/kali/9.html.
  21. Hamilton, J. et al. (2018) 'SCADA Statistics monitoring using the elastic stack (Elasticsearch, Logstash, Kibana)', 16th Int. Conf. on Accelerator and Large Experimental Control Systems, pp. 451–455. doi: 10.18429 / JACoW-ICALEPCS2017-TUPHA034.
  22. Hariharan, A., Gupta, A., & Pal, T. (2020, March). CAMLPAD: Cybersecurity Autonomous Machine Learning Platform for Anomaly Detection. In Future of Information and Communication Conference (pp. 705-720). Springer, Cham.
  23. Kulkarni, J., Joshi, S., Bapat, S., & Jambhali, K. (2020). Analysis of System Logs for Pattern Detection and Anomaly Prediction. In Proceeding of International Conference on Computational Science and Applications (pp. 427-436). Springer, Singapore.
Index Terms

Computer Science
Information Sciences

Keywords

DDoS Attacks Network Forensic Generic Process Model Live Forensic.