Integrated Network Forensic Framework for Detection, Validation, and Mitigation of DDoS Attacks in Private Cloud

Authors

  • Hero Wintolo Institut Teknologi Dirgantara Adisutjipto
  • Haruno Sajati Institut Teknologi Dirgantara Adisutjipto
  • Revi Feriandri Institut Teknologi Dirgantara Adisutjipto
  • Sudaryanto Sudaryanto Institut Teknologi Dirgantara Adisutjipto
  • Dwi Nugraheny Institut Teknologi Dirgantara Adisutjipto

Abstract

This research proposes an integrated network security framework for detecting, validating, and mitigating distributed denial-of-service (DDoS) attacks in a private cloud environment based on OwnCloud. The research adopts an experimental approach by implementing a web-based system developed using Python and Django, deployed within a controlled network consisting of a server, monitoring client, and MikroTik router. Network traffic acquisition is performed using Wireshark to capture real-time HTTP packets, while attack simulations are conducted using the GoldenEye tool to generate DDoS traffic patterns. Intrusion detection is carried out using Snort with customized rules to identify attack signatures. To improve detection accuracy, a validation mechanism is introduced by correlating packet capture data with intrusion alerts based on matching IP addresses and timestamps. Once validated, automated mitigation is executed through iptables firewall rules, enabling rapid blocking of malicious IP addresses. The results demonstrate that the proposed framework effectively detects abnormal traffic patterns, reduces false positives through dual-source validation, and significantly decreases malicious traffic after mitigation actions are applied. Additionally, the system provides a centralized web-based dashboard that facilitates real-time monitoring, analysis, and response to network threats. However, the reliance on signature-based detection limits the system’s ability to identify unknown or zero-day attacks. Therefore, future work is recommended to incorporate anomaly-based or machine learning approaches to enhance adaptability and scalability. Overall, the proposed framework contributes to improving the security and reliability of private cloud infrastructures against network-based attacks.
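The dual-source validation step described in the abstract can be sketched as follows; this is an added example, not the authors' code. It assumes Snort fast-format alert lines, packet records reduced to (timestamp, source IP) pairs, a ±2 second matching window and a three-packet minimum, and it only builds the iptables commands without running them.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample inputs (not data from the paper).
ALERTS = """\
05/03-10:15:02.120000  [**] [1:1000001:1] HTTP flood [**] [Priority: 2] {TCP} 192.168.88.20:51512 -> 192.168.88.10:80
05/03-10:20:41.000000  [**] [1:1000001:1] HTTP flood [**] [Priority: 2] {TCP} 192.168.88.35:40100 -> 192.168.88.10:80
"""
PACKETS = (
    [("2026-05-03 10:15:0%d.500000" % s, "192.168.88.20") for s in range(5)]
    + [("2026-05-03 10:20:40.900000", "192.168.88.35")]  # alert, but only one packet
    + [("2026-05-03 10:30:0%d.000000" % s, "192.168.88.50") for s in range(5)]  # packets, no alert
)

ALERT_RE = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s.*\}\s+(\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->")

def parse_alerts(text, year):
    """Yield (timestamp, source IP) from Snort fast-format alert lines."""
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:  # fast alerts carry no year, so the caller supplies it
            ts = datetime.strptime(f"{year}/{m.group(1)}", "%Y/%m/%d-%H:%M:%S.%f")
            yield ts, m.group(2)

def validate(alerts, packets, window_s=2.0, min_packets=3):
    """Return source IPs whose alert is backed by enough captured packets nearby in time.

    window_s and min_packets are assumed tuning values, not figures from the paper.
    """
    window = timedelta(seconds=window_s)
    seen = [(datetime.strptime(t, "%Y-%m-%d %H:%M:%S.%f"), ip) for t, ip in packets]
    confirmed = set()
    for a_ts, a_ip in alerts:
        hits = sum(1 for p_ts, p_ip in seen if p_ip == a_ip and abs(p_ts - a_ts) <= window)
        if hits >= min_packets:
            confirmed.add(a_ip)
    return sorted(confirmed)

def block_commands(ips):
    """Build (not run) one iptables DROP rule per validated address."""
    return [["iptables", "-I", "INPUT", "-s", str(ipaddress.ip_address(ip)), "-j", "DROP"]
            for ip in ips]

if __name__ == "__main__":
    for cmd in block_commands(validate(parse_alerts(ALERTS, 2026), PACKETS)):
        print(" ".join(cmd))
```

Only the address that appears in both sources with enough supporting packets is blocked; the alert-only and capture-only hosts are left alone.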

Published

2026-05-03

How to Cite

Wintolo, H., Sajati, H., Feriandri, R., Sudaryanto, S., & Nugraheny, D. (2026). Integrated Network Forensic Framework for Detection, Validation, and Mitigation of DDoS Attacks in Private Cloud. Journal of Universal Transformation, Education, Research, and Utility (JUTERU), 1(1). Retrieved from https://journal.adifa.or.id/index.php/juteru/article/view/2

Section

Articles