TY - GEN
T1 - Comparative Analysis of HAProxy and Nginx Load Balancers in Mitigating User Datagram Protocol (UDP) Flood Attacks
AU - Romadhon, Faizal Wahyu
AU - Nuha, Muhammad Azza Ulin
AU - Adiprawira, Yusuf
AU - Sari, Riri Fitri
N1 - Publisher Copyright: © 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - A Distributed Denial of Service (DDoS) attack refers to an unauthorized attempt by a threat actor to flood a system with fake internet traffic, aiming to disrupt the targeted services, ultimately rendering them inaccessible to legitimate users. Potential impacts include decreased service performance, connectivity disruptions, and financial losses due to operational downtime. DDoS can be performed using User Datagram Protocol (UDP) flood attacks. This paper presents a comparative analysis of High Availability Proxy (HAProxy) and Nginx load balancers for mitigating UDP Flood attacks. NS-3 simulation is used to simulate DDoS attacks and evaluate the performance of the load balancers. The results show that HAProxy outperforms Nginx in multi-layered security for mitigating DDoS attacks. Additionally, the research includes an assessment of web server performance against UDP Flood attacks and the effectiveness of IDS Suricata for detecting attacks. The findings demonstrate that HAProxy is better than Nginx in handling network traffic and system misc interrupt parameters. Furthermore, IDS Suricata proves successful in detecting DDoS attacks, while HAProxy demonstrates superior capabilities in securing against UDP Flood attacks. The paper concludes with a plan for future research and provides access to the research's source code on GitHub.
KW - DDoS attacks
KW - High Availability Proxy (HAProxy)
KW - Nginx load balancers
KW - NS-3 simulation
KW - UDP Flood attacks
UR - http://www.scopus.com/inward/record.url?scp=85207413796&partnerID=8YFLogxK
U2 - 10.1109/ICoICT61617.2024.10698656
DO - 10.1109/ICoICT61617.2024.10698656
M3 - Conference contribution
AN - SCOPUS:85207413796
T3 - 2024 12th International Conference on Information and Communication Technology, ICoICT 2024
SP - 354
EP - 359
BT - 2024 12th International Conference on Information and Communication Technology, ICoICT 2024
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 12th International Conference on Information and Communication Technology, ICoICT 2024
Y2 - 7 August 2024 through 8 August 2024
ER -