Double Proxy Architecture for Data Center DDoS Mitigation

Rahmawan Bagus Trianto, Kukuh Muhammad, Dwi Novia Prasetyanti

Abstract


The increasing frequency and complexity of Distributed Denial-of-Service (DDoS) attacks present serious challenges to data center availability and service reliability. Conventional single-layer defense mechanisms are often insufficient to handle high-volume and multi-vector attacks, resulting in excessive resource consumption on critical servers. This study proposes a data center security architecture based on a double proxy system to enhance resilience against DDoS attacks. The architecture consists of two sequential reverse proxy layers, namely a public-facing proxy and an internal proxy, which collaboratively perform traffic filtering, request validation, and load isolation before forwarding requests to the application servers. Experimental evaluations were conducted under simulated TCP- and UDP-based DDoS attack scenarios to assess system performance. The results indicate that the proposed double proxy architecture significantly reduces CPU utilization by up to 76% and decreases network bandwidth consumption by up to 352 Mbps compared to a traditional single-proxy configuration. Memory and disk usage remain stable during attack conditions, demonstrating minimal performance overhead. Furthermore, the architecture effectively absorbs malicious traffic, prevents direct exposure of backend servers, and preserves data integrity. These findings suggest that the double proxy approach provides a practical, efficient, and scalable solution for mitigating modern DDoS attacks in data center environments and can be adapted to evolving cyber threat landscapes.

Keywords


data center security; DDoS mitigation; double proxy; network resilience; reverse proxy

Full Text:

PDF

References


K. S. Mahadiv Wikrama, R. Firdaus, L. Z. Medes Mendrofa, G. A. Jude Saskara, and I. M. Edy Listartha, “DDoS Attack Using GoldenEye, DAVOSET, and PyLoris Tools,” J. CoreIT J. Has. Penelit. Ilmu Komput. dan Teknol. Inf., vol. 9, no. 2, pp. 43–52, 2023, doi: 10.24014/coreit.v9i2.20020.

M. Imthiyas, S. Wani, R. Abdulkhaleq, A. Abdulghafor, A. A. Ibrahim, and A. Hafeez, “DDoS Mitigation: A review of Content Delivery Network and its DDoS Defence techniques,” Int. J. Perceptive Cogn. Comput., vol. 6, no. 2, pp. 67–76, 2020, [Online]. Available: https://journals.iium.edu.my/kict/index.php/IJPCC/article/view/160.

S. Wani, M. Imthiyas, H. Almohamedh, K. M. Alhamed, S. Almotairi, and Y. Gulzar, “Distributed Denial of Service (DDoS) Mitigation Using Blockchain—A Comprehensive Insight,” Symmetry (Basel)., vol. 13, no. 2, pp. 1–21, Jan. 2021, doi: 10.3390/sym13020227.

R. R. Zebari, S. R. M. Zeebaree, A. B. Sallow, H. M. Shukur, O. M. Ahmad, and K. Jacksi, “Distributed Denial of Service Attack Mitigation using High Availability Proxy and Network Load Balancing,” in 3rd International Conference on Advanced Science and Engineering, ICOASE 2020, 2020, pp. 174–179, doi: 10.1109/ICOASE51841.2020.9436545.

P. Satya Saputra, P. Aditya Pratama, and L. Putu Ary Sri Tjahyanti, “Perancangan Dan Komparasi Web Server Nginx Dengan Web Server Apache Serta Pemanfaatan Reverse Proxy Server Pada Nginx,” J. Komput. dan Teknol. Sains, vol. 2, no. 1, pp. 16–21, 2023.

A. Singh and B. B. Gupta, “Distributed Denial-of-Service (DDoS) Attacks and Defense Mechanisms in Various Web-Enabled Computing Platforms,” Int. J. Semant. Web Inf. Syst., vol. 18, no. 1, pp. 1–43, Apr. 2022, doi: 10.4018/IJSWIS.297143.

A. Bamane, “Detecting and Mitigating Network attacks using Network Simulator 3,” Int. J. Innov. Res. Technol., vol. 9, no. 12, pp. 1285–1292, 2023.

R. Dangi, V. K. Jha, M. Choudhary, and P. D. Bhavsar, “An Enhanced Proxy Server for Better Performance & Security of Network for Academics,” Int. J. Res. Advent Technol., vol. 7, no. 6, pp. 278–281, 2019, doi: 10.32622/ijrat.76S201955.

Z. Shah, I. Ullah, H. Li, A. Levula, and K. Khurshid, “Blockchain Based Solutions to Mitigate Distributed Denial of Service (DDoS) Attacks in the Internet of Things (IoT): A Survey,” Sensors, vol. 22, no. 3, pp. 1–26, Jan. 2022, doi: 10.3390/s22031094.

M. Wright, S. Venkatesan, M. Albanese, and M. P. Wellman, “Moving Target Defense against DDoS Attacks,” in Proceedings of the 2016 ACM Workshop on Moving Target Defense, Oct. 2016, pp. 93–104, doi: 10.1145/2995272.2995279.

S. Karnani and H. K. Shakya, “Mitigation strategies for distributed denial of service (DDoS) in SDN: A survey and taxonomy,” Inf. Secur. J. A Glob. Perspect., vol. 32, no. 6, pp. 444–468, Nov. 2023, doi: 10.1080/19393555.2022.2111004.

J. Wang, L. Wang, and R. Wang, “A Method of DDoS Attack Detection and Mitigation for the Comprehensive Coordinated Protection of SDN Controllers,” Entropy, vol. 25, no. 8, pp. 1–26, Aug. 2023, doi: 10.3390/e25081210.

M. F. Rifai, S. Hendra, H. R. Ngemba, R. Azhar, and R. Laila, “Enhancing Web Server Security against Layered Cyber Threats in Healthcare,” Adv. Sustain. Sci. Eng. Technol., vol. 6, no. 2, pp. 1–9, 2024, doi: 10.26877/asset.v6i2.18307.

P. Orosz, B. Nagy, and P. Varga, “Real-Time Detection and Mitigation Strategies Newly Appearing for DDoS Profiles,” Futur. Internet, vol. 17, no. 9, pp. 1–32, Sep. 2025, doi: 10.3390/fi17090400.

F. F. Khan, N. M. Hossain, M. N. H. Shanto, S. Bin Anwar, and J. Noor, “Mitigating DDoS Attacks Using a Resource Sharing Network,” in Proceedings of the 9th International Conference on Networking, Systems and Security, Dec. 2022, pp. 1–11, doi: 10.1145/3569551.3569560.

M. Ouhssini, K. Afdel, M. Akouhar, E. Agherrabi, and A. Abarda, “Advancements in detecting, preventing, and mitigating DDoS attacks in cloud environments: A comprehensive systematic review of state-of-the-art approaches,” Egypt. Informatics J., vol. 27, no. 100517, pp. 1–37, Sep. 2024, doi: 10.1016/j.eij.2024.100517.

P. Dharam and J. Musarrat, “An Authentication Technique to Handle DDoS Attacks in Proxy-Based Architecture An Authentication Technique to Handle DDoS Attacks in Proxy-Based Architecture,” in ICNS 2020 : The Sixteenth International Conference on Networking and Services, 2020, no. 16, pp. 49–54.

A. Rosyida Zain, I. Muhamad, M. Matin, and D. K. Kautsar, “Analisis Implementasi Modsecurity dan Reverse Proxy Untuk Pencegahan Serangan Keamanan DDoS pada Web Server,” SNIV Semin. Nas. Inov. Vokasi, vol. 2, no. 1, pp. 118–127, 2023.

T. Mahjabin, Y. Xiao, G. Sun, and W. Jiang, “A survey of distributed denial-of-service attack, prevention, and mitigation techniques,” Int. J. Distrib. Sens. Networks, vol. 13, no. 12, pp. 1–33, Dec. 2017, doi: 10.1177/1550147717741463.

E. R. Amalia, Nurheki, R. Saputra, C. Ramadhana, and E. H. Yossy, “Computer network design and implementation using load balancing technique with per connection classifier (PCC) method based on MikroTik router,” in Procedia Computer Science, 2022, vol. 216, pp. 103–111, doi: 10.1016/j.procs.2022.12.116.

I. K. S. Satwika and I. G. Andika, “Performance Analysis of an E-commerce Website Using Distributed Servers (Case Study: Ecommerce Bumdes Sarining Kukuh Winangun),” J. Comput. Networks, Archit. High Perform. Comput., vol. 6, no. 3, pp. 1390–1398, 2024, doi: 10.47709/cnahpc.v6i3.4383.

A. S. Manalu and S. S. Sitanggang, “Perancangan Dan Implementasi Private Cloud Storage Dengan Owncloud Pada Jaringan Lokal Menggunakan Virtualbox,” J. Comput. Networks, Archit. High-Performance Comput., vol. 1, no. 2, pp. 60–71, 2019, doi: 10.47709/cnahpc.v1i2.244.

F. Apriliansyah, I. Fitri, and A. Iskandar, “Implementasi Load Balancing Pada Web Server Menggunakan Nginx,” J. Teknol. dan Manaj. Inform., vol. 6, no. 1, pp. 18–26, 2020, doi: 10.3997/2214-4609.201801770.

G. Wijaya and F. V. Franklyn, “Perancangan Dan Implementasi Desain Arsitektur Cloud Yang Aman Untuk Sistem Stock Pada Halutime Thrift Shop,” Conf. Business, Soc. Sci. Technol., vol. 1, no. 1, pp. 39–46, 2021, [Online]. Available: https://journal.uib.ac.id/index.php/conescintech/article/view/5828.

Nur Fajri Fa’iz, Danna Rayana Irfawan, Aulivia Widya Putri, and Syarif Hidayatullah, “Arsitektur Jaringan Menggunakan Topologi Tree,” J. Ris. Sist. Inf. dan Tek. Inform., vol. 2, no. 3, pp. 98–104, 2024, [Online]. Available: https://doi.org/10.61132/merkurius.v2i3.112.




DOI: https://doi.org/10.17509/coelite.v5i1.98157

Refbacks

  • There are currently no refbacks.


Journal of Computer Engineering, Electronics and Information Technology (COELITE)


is published by UNIVERSITAS PENDIDIKAN INDONESIA (UPI),
and managed by Department of Computer Enginering.
Jl. Dr. Setiabudi No.229, Kota Bandung, Indonesia - 40154
email: [email protected]
e-ISSN: 2829-4149
p-ISSN: 2829-4157
Owner: OBS

https://poltekkesjakut.org/

https://poltekkeskalteng.org/

nana4d

https://poltekkessulsel.org/

https://poltekkesjaksel.org/

slot88

slot88

slot88

nana4d

nana4d

https://processoseletivo.fumec.br/

rokokbet

https://sigindonesia.com/

nana4d

slot88

https://jimki.bapin.or.id/

matauangslot

matauangslot

matauangslot

matauangslot

matauangslot

matauangslot

matauangslot

matauangslot

matauangslot

matauangslot

matauangslot

matauangslot

matauangslot

matauangslot

slot thailand

matauangslot

matauangslot

matauangslot

matauangslot

himpsi

himpsi

himpsi

himpsi

chope

mayora

matauangslot

matauangslot

matauangslot

matauangslot

matauangslot

barbartoto

toto777

barbartoto

toto777

barbartoto

barbartoto

toto777

toto777

toto777

barbartoto

toto777

toto777

barbartoto

barbartoto

barbartoto

barbartoto

barbartoto

barbartoto

barbartoto

barbartoto

barbartoto

barbartoto