Multi-layer DoS mitigation system (CHIMERA)

Date of Publication


Document Type

Bachelor's Thesis

Degree Name

Bachelor of Science in Computer Science


College of Computer Studies


Computer Science

Thesis Adviser

Gregory G. Cu

Defense Panel Member

Arlyn Verina Ong
Ravi Kumar
Francis Lai


Using Network-Based Instruction Prevention Systems (NIPS) for protecting or securing computer networks have become widely popular because of the emergence of many forms of network attacks like IP spoofing and Session Hijacking. A security threat that presents a greater deal compared to the others is Volumetric and Vulnerability-based Denial-of-Service (Dos) attacks Dos attacks aimed at the Network and Transport Layer through flooding and exploiting vulnerabilities. NIPS can stop these kind of attacks but still lacks the capability of detecting a wider range of DoS attacks because it is unable to address the pressing concern of Application Layer DoS (App-DoS) attacks. NIPS could be complemented by Web Application Firewalls (WAF) to be able to mitigate these attacks on the Application Layer. However, they are only capable of defending against malicious HTTP traffic and not intended for other application layer protocols like FTP, DNS and SMTP. Having two separate systems would merit an issue on manageability as well. CHIMERA aims to consolidate these two mitigation solutions and eliminate their limitations to be able to defend the network from Volumetric, Vulnerability-based and App-DoS attacks. Test were conducted on both CHIMERA and a system with NIPS + SYN Flooding, UDP Flooding, ICMP Flooding, Nuke Attacks, Smurf Attack, Ping of Death, HTTP Slowloris, Slow HTTP POST, HTTP Slow Read, FTP request flooding, SMTP request flooding, SMTP Mail Flooding and DNS Flooding, However, the difference in the average detection time between the two systems is 10.4 seconds wherein CHIMERA is slower in terms of detection. CHIMERA only detects DoS attacks so it cannot detect logic attacks like SQL Injection and Cross-site Scripting attacks. The Latency Test shows that there is minimal delay with CHIMERA deployed since the difference with the latency in the network where CHIMERA is not deployed is only about 0.05 ms. The True Positive, False Positive, True Negative and False Negative tests also show that CHIMERA has better detection rates than the system with NIPS+WAF by 10-20%. Because of these results, we conclude that one system or less resource is enough to defend against DoS attacks on the Network Transport and Application Layer.

Abstract Format






Accession Number


Shelf Location

Archives, The Learning Commons, 12F, Henry Sy Sr. Hall

Physical Description

1 volume (various foliations) : illustrations (some colored) ; 28 cm.

This document is currently not available here.