Master s Thesis Defense at the College of Information Technology on "Design and Implementation of a Hybrid DDoS Attacks Detection and Mitigation Framework for Secure Fog Computing Environments"
Duhaa Fadill Abbas
The Department of Information Networks at the College of Information Technology held a master s thesis defense entitled "Design and Implementation of a Hybrid DDoS Attacks Detection and Mitigation Framework for Secure Fog Computing Environments" presented by graduate student Iman Karkawi Kareem, under the supervision of Dr. Mahdi Abadi Manaa. The defense took place at 9:00 AM on Thursday, May 29, 2025, in the conference hall of the College of Information Technology.
The thesis highlighted the significant integration of the Internet of Things (IoT) into all aspects of modern life. This rapid expansion and the continuous development of connected devices have led to serious security concerns. Among the most critical threats are Distributed Denial of Service (DDoS) attacks, which can pose severe risks to networks due to their rapid execution and detection difficulty, negatively impacting available resources and services.
A key objective of the thesis is to establish a secure environment for IoT users through the utilization of fog computing. The proposed framework is divided into two main phases: an offline phase and an online phase.
In the offline phase, four packet features (Src_IP, Dst_IP, Src_Port, and Dst_Port) are extracted and preprocessed using the Chi-square test and entropy. Two public datasets—Edge-IIoTset and CIC-DDoS2019—are employed for training machine learning algorithms: Random Forest (RF), Support Vector Machine (SVM), and Decision Tree (DT). These models are tested against SYN and UDP attacks using CIC-DDoS2019 data and against HTTP and TCP attacks using Edge-IIoTset.
The online phase encrypts the data using the Speck algorithm, while comprehensive authentication is performed simultaneously using the Elliptic Curve Diffie-Hellman (ECDH) key exchange algorithm.
The framework is evaluated based on several performance metrics, including accuracy, precision, recall, and F1-score. All three algorithms—SVM, DT, and RF—achieved 100% accuracy in detecting HTTP and TCP attacks using CIC-DDoS2019 data. For the Edge-IIoTset dataset, detection accuracy for HTTP attacks reached 93.8% for SVM and DT, and 96.9% for RF. Meanwhile, TCP attack detection achieved 100% accuracy across all three algorithms during the online phase.
The model also underwent a detailed evaluation of various network performance metrics, such as throughput, latency, execution time, and response time during the online phase, demonstrating the framework’s robustness and efficiency in handling DDoS threats in secure fog computing environments.