MSc Thesis Proposal Announcement by Manan Patel: "Demilitarized Zone: An Exceptional Layer of Network Security to Mitigate DDoS attack"

Tuesday, October 8, 2019 - 10:00 to 12:00



The School of Computer Science at the University of Windsor is pleased to present …


MSc Thesis Proposal by:   Manan Patel

Date:  October 8, 2019
Time:  10am-12pm
Location: Lambton Tower Room 3105



In today’s era of digitalization, everything is accessible remotely through smaller devices than ever. This brings lot of concerns, security being at the top of the list for the organizations providing services to the public. The organization has to provide updated services every single time and at the same point, has to make sure that an intruder cannot get through the core of the organization which is the inside private network or LAN. Suppose an organization provides web and mail services to their customers on daily basis.  Now what if they put these servers within the local area network which opens up the vulnerability to be directly accessible by an outsider from the untrusted network like internet and then it will just be the matter of skills and machines to manipulate the whole system. So, the organizations have to make some changes within their network architecture like creating De-militarized Zone or DMZ. DMZ provides an extra layer between the inside and outside network making it difficult to get the access of the trusted network. The concept is to put all the public facing servers which provides distinguish services to the customers should be put outside of the LAN and inside of DMZ. So, every time when the remote user requests for the service through internet he will be routed directly towards the DMZ rather than to LAN which reduces the concern for an organization’s security. It is feasible to make DMZ as hardened as possible as it cannot provide the strength of the inside network but will make it harder for an intruder trying to harm the organization. The approach presented is to check whether the network with DMZ can handle DDoS attack generated using Python Script which will run on the attacker’s Linux virtual machine and the network will be emulated in GNS3. Analysis of the results will be done using Wireshark. The proposed algorithm to mitigate DDoS will be placed on the boundary device of internal network Cisco ASA to enhance the security level. At last, results will be compared to prove that DMZ with proposed algorithm will work better than the other approaches against severe DDoS attack.


Thesis Committee:

Internal Reader: Dr. Jianguo Lu
External Reader: Dr. Myron Hlynka
Advisor: Dr. Saeed Samet

MSc Thesis Proposal Announcement


5113 Lambton Tower, 401 Sunset Ave., Windsor ON, N9B 3P4 (519) 253-3000 Ext. 3716