**6.5 Three-tier logs and data analysis**

DDoS attacks are performed on the designed network architectures and network and application attack results obtained before and after attack scenarios. Network attacks like ICMP flood are done with 1000 ICMP echo requests with each increasing the attack buffer size from 3700 to 3805 bytes. Application attack like HTTP Flood attack is done by increasing the thread count by "*GET / app/?id = 437793 msg = BOOM%2520HEADSHOT! HTTP/1.1 Host: IP*" and slow socket buildup simulating slow web attacks by the use of perl. The logs and Data gathered are gathered from the network firewall; for each attack is displayed in **Figure 16**.

**Figure 17.**

*Three-tier architecture attack parameter results.*

**31**

**Figure 20.**

**Figure 19.**

*Cloud Computing Security Services to Mitigate DDoS Attacks*

page load response, and application server response.

attack for page load response is presented in **Figure 19**.

*Real user monitoring for page load response (single- and three-tier).*

*Real user monitoring for browser throughput (single- and three-tier).*

attack for browser throughput are presented in **Figure 20**.

attack for application server response is presented in **Figure 21**.

obtained before and during DDoS attack for ICMP response.

Results of three-tier architecture attacks obtained before and during the DDoS attack are presented in **Figure 17**. This has the average ICMP, browser throughput,

The graph in **Figure 18** presents the results of three-tier architecture attacks

Results of three-tier architecture attacks obtained before and during DDoS

Results of three-tier architecture attacks obtained before and during DDoS

Results of three-tier architecture attacks obtained before and during DDoS

*DOI: http://dx.doi.org/10.5772/intechopen.92683*

#### **Figure 18.**

*Real user monitoring for ICMP (single- and three-tier).*

*Cloud Computing Security Services to Mitigate DDoS Attacks DOI: http://dx.doi.org/10.5772/intechopen.92683*

Results of three-tier architecture attacks obtained before and during the DDoS attack are presented in **Figure 17**. This has the average ICMP, browser throughput, page load response, and application server response.

The graph in **Figure 18** presents the results of three-tier architecture attacks obtained before and during DDoS attack for ICMP response.

Results of three-tier architecture attacks obtained before and during DDoS attack for page load response is presented in **Figure 19**.

Results of three-tier architecture attacks obtained before and during DDoS attack for browser throughput are presented in **Figure 20**.

Results of three-tier architecture attacks obtained before and during DDoS attack for application server response is presented in **Figure 21**.

**Figure 19.**

*Cloud Computing Security - Concepts and Practice*

DDoS attacks are performed on the designed network architectures and network and application attack results obtained before and after attack scenarios. Network attacks like ICMP flood are done with 1000 ICMP echo requests with each increasing the attack buffer size from 3700 to 3805 bytes. Application attack like HTTP Flood attack is done by increasing the thread count by "*GET / app/?id = 437793 msg = BOOM%2520HEADSHOT! HTTP/1.1 Host: IP*" and slow socket buildup simulating slow web attacks by the use of perl. The logs and Data gathered are gathered from the network firewall; for each attack is displayed in

**6.5 Three-tier logs and data analysis**

**Figure 16**.

**30**

**Figure 18.**

**Figure 17.**

*Three-tier architecture attack parameter results.*

*Real user monitoring for ICMP (single- and three-tier).*

*Real user monitoring for page load response (single- and three-tier).*

**Figure 20.**

*Real user monitoring for browser throughput (single- and three-tier).*

The below graph displays the availability trend metrics obtained after performing the DoS attacks on the two architectures for network and application layer design (**Figure 22**).
