Abstract [eng]
Defending against Distributed Denial of Service (DDoS) attacks is one of the most important tasks in ensuring service availability. It is also one of the most challenging, because it requires complex and efficient methods to correctly identify and stop such attacks. A number of methods are available to identify DDoS attacks. Some are based on a single packet or connection; others evaluate packets against all the traffic available at a particular time. There is a need to identify which method or methods should be used under particular circumstances. In this work a software system is developed that implements some of the available methods to detect DDoS attacks and creates firewall rules to stop traffic from the hosts suspected of participating in the attack. The implemented methods include the Change Point Approach, the Covariance model and Passive Measurement based Heuristics. The system makes it possible to analyze the characteristics of the implemented DDoS identification methods and evaluate their efficiency in different conditions, distinguish legitimate and attacking traffic, and block traffic from attacking packets.