Thesis Abstracts 2001
Research and Graduate Studies Electrical and Computer Engineering
Archived Content
Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.
Analysis and Simulation of Defence Wide Area Network performance Under Denial of Service Attack
By: Timothy Richard Malo, BEng, PEng
Abstract
The Defence Wide Area Network (DWAN) provides a common computer/data communications infrastructure for interconnecting the heterogeneous Local Area Networks (LANs) and Metropolitan Area Networks (MANs) within the Department of National Defence (DND). Connection to the DWAN provides seamless access to Departmental applications such as the DIN, Peoplesoft, FMAS, and CFSSU. However, the DWAN's mandate is growing to support steadily increasing operational traffic. Therefore, the DWAN's ability to sustain operations under stressful network conditions is becoming an operational concern to commanders in theatre. A threat to sustained network operations is the use of Denial of Service (DoS) attacks. This thesis will analyze and simulate the Defence Wide Area Network (DWAN) performance under Denial of Service attacks to highlight DWAN vulnerabilities and propose solutions to mitigate negative effects associated with DoS attacks.
This thesis will select a number of DoS attacks that could be encountered on the DWAN. The choice of DoS attacks will include attacks selected from the categories of operating system based attacks, traditional network based DoS attacks and Distributed DoS (DDoS) attacks. The selection of DoS attacks will then be characterized by their implementation mechanism, as well as the type and quantity of traffic that is generated. This characterization will lead to the creation of traffic models that will be verified in a controlled laboratory environment. The validated models will then be incorporated into a DWAN baseline model that represents the current DWAN configuration. The model has been validated against actual DWAN network traffic. Network simulations will be run with this combined model (DWAN and DoS attack(s)), outlining the effects on the DWAN architecture due to the chosen DoS attack(s), highlighting those areas within the DWAN that are most vulnerable. Possible administrative responses to mitigate the effects of the attacks with respect to the DWAN will be reviewed to determine their effectiveness.
