Simulation and Assessment of Network Security

Abstract

Network security is an open area of applied concepts of computer sciences that has gained a lot of attention over past few years. Intrusion attacks particularly Distributed Denial of Service (DDOS) has recently became one of the greatest threats to the network security. DDOS attacks are virulent and most frequently occurring network attacks. Perpetration of DDOS attacks can paralyze the server and the access to the databases, websites etc. and every other online application can be seized resulting in complete network breakdown/failure. To assess the network security and to deduce precautionary measures it is important to analyze how much a network is vulnerable to such intrusion attacks. The data and websites residing on servers are of no use if their availability cannot be ensured. This research demonstrates a flood based DDOS attack. Flooding is a type of DDOS attack that occurs when a network becomes so weighed down with packets; initiating incomplete connection requests that it can no longer process genuine connection, requests resulting in high response times and unavailability of network resources i.e. a Denial of Service. The purpose of this research is to assess the network security of Bahria university by studying the (new campus) network under DDOS attack via simulation since performing such experiments on live networks involve high risks. The network model and the DDOS attack using infectious workstations (Zombies) to breach the network are simulated using OPNET simulator. With the help of obtained graphical results behavior of the network under intrusion attack is analyzed to assess vulnerability and survivability of the network. On the basis of our analysis countermeasures and possible enhancements to improve the network security against such intrusions are highlighted.