Context - DDoS

  • A Distributed Denial-of-Service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network in cloud infrastructure by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
  • DDoS attacks achieve effectiveness by using multiple compromised computer systems as sources of attack traffic.
  • Exploited machines can include computers and other networked resources.

Symptoms

  1. Suspicious amounts of traffic originating from a single IP address or IP range
  2. A flood of traffic from users who share a single behavioural profile, such as device type, geo-location, or web browser version
  3. An unexplained surge in requests to a single page or endpoint
  4. Odd traffic patterns such as spikes at odd hours of the day or patterns that appear to be unnatural (e.g. a spike every 10 minutes)
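The four symptoms above can be checked mechanically over a batch of web-server access logs. The following script is an added example, not part of the original page: it parses combined-format log lines, then flags a dominant source IP or /24 range, a dominant client profile (User-Agent), a dominant endpoint, and bursts that recur at a fixed interval or at odd hours. The log lines are constructed for the example, and every threshold (`MAX_REQ_PER_SOURCE`, `MAX_SHARE_ONE_UA`, `BURST_FACTOR`, the `ODD_HOURS` window, and so on) is an illustrative assumption rather than a tuned value.

```python
import re
import statistics
from collections import Counter
from datetime import datetime, timedelta

# Illustrative thresholds: assumptions for this example, not tuned values.
MAX_REQ_PER_SOURCE = 100    # symptom 1: requests from one IP or one /24 in the batch
MAX_SHARE_ONE_UA = 0.6      # symptom 2: fraction of traffic with one User-Agent
MAX_SHARE_ONE_PATH = 0.6    # symptom 3: fraction of requests to one endpoint
BURST_FACTOR = 10           # symptom 4: a second is a burst if >= 10x the median rate
PERIOD_TOLERANCE_S = 2      # symptom 4: burst gaps this close together count as regular
ODD_HOURS = set(range(0, 6)) | {22, 23}   # assumption: 22:00-06:00 is off-peak for the site

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$')


def make_line(ip, ts, path, ua):
    """Format one constructed combined-format log line."""
    return (f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S +0000")}] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "{ua}"')


def build_sample_log():
    """Constructed sample traffic: a quiet site at 03:00 plus a flood that
    hits /login from one /24 with one client string, in bursts every 30 s."""
    base = datetime(2025, 1, 1, 3, 0, 0)
    browsers = ["Mozilla/5.0 Firefox/120", "Mozilla/5.0 Chrome/118", "Mozilla/5.0 Safari/17"]
    pages = ["/", "/about", "/blog", "/contact"]
    lines = [make_line(f"198.51.100.{i % 20 + 1}", base + timedelta(seconds=i * 7),
                       pages[i % 4], browsers[i % 3]) for i in range(40)]
    for burst in range(6):
        t0 = base + timedelta(seconds=burst * 30)
        lines += [make_line(f"203.0.113.{j % 10 + 1}", t0 + timedelta(milliseconds=j * 20),
                            "/login", "python-requests/2.31") for j in range(50)]
    return lines


def parse(lines):
    """Parse combined-format lines into dicts; malformed lines are skipped, not fatal."""
    recs = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
        recs.append(rec)
    return recs


def detect(recs):
    """Return {symptom: evidence} for every symptom present in the batch."""
    findings = {}
    total = len(recs)
    if total == 0:
        return findings

    # 1. Volume per single IP and per /24 range.
    per_src = Counter(r["ip"] for r in recs)
    per_src.update(r["ip"].rsplit(".", 1)[0] + ".0/24" for r in recs)
    noisy = {src: n for src, n in per_src.items() if n > MAX_REQ_PER_SOURCE}
    if noisy:
        findings["single_source"] = noisy

    # 2. One behavioural profile (here: User-Agent) dominating the traffic.
    ua, n = Counter(r["ua"] for r in recs).most_common(1)[0]
    if n / total > MAX_SHARE_ONE_UA:
        findings["shared_profile"] = (ua, n)

    # 3. One endpoint receiving a disproportionate share of requests.
    path, n = Counter(r["path"] for r in recs).most_common(1)[0]
    if n / total > MAX_SHARE_ONE_PATH:
        findings["single_endpoint"] = (path, n)

    # 4. Bursts recurring at a fixed interval, and bursts at odd hours.
    per_sec = Counter(r["ts"] for r in recs)
    baseline = max(statistics.median(per_sec.values()), 1)
    burst_secs = sorted(t for t, c in per_sec.items() if c >= BURST_FACTOR * baseline)
    # Merge runs of adjacent burst seconds so each burst is counted once.
    starts = [t for i, t in enumerate(burst_secs)
              if i == 0 or (t - burst_secs[i - 1]).total_seconds() > 1]
    gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
    if len(gaps) >= 3 and max(gaps) - min(gaps) <= PERIOD_TOLERANCE_S:
        findings["periodic_spikes"] = {"period_s": gaps[0], "bursts": len(starts)}
    odd = [t for t in starts if t.hour in ODD_HOURS]
    if odd:
        findings["odd_hour_bursts"] = len(odd)
    return findings


if __name__ == "__main__":
    for symptom, evidence in detect(parse(build_sample_log())).items():
        print(f"{symptom}: {evidence}")
```

Run on the constructed batch, the script reports the /24 range rather than any single address (each bot sends only 30 requests, so a per-IP threshold alone would miss it), the shared `python-requests` client string, the `/login` endpoint, and six bursts 30 seconds apart at 03:00. On the 40 legitimate lines alone it reports nothing, which is the sanity check worth keeping when thresholds are tuned for a real site.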

Features

For the above problem statement, the following assumptions can be made:

  1. Cloud is hosting a website and providing some services to its users.
  2. The website should be always up and providing services to its users (high availability).
  3. The attackers can flood the website directly or via other nodes (DDoS).
  4. The attacker can also sabotage the link between a client and web-server.
  5. The attack can come from outside or from within the cloud infrastructure.
  6. The solution must automatically detect and recover from the DDoS attack.

Expected Solution:

  • A set of developed tool(s) along with a suitable cloud platform.

  • The demonstrated website should be protected well against different types of DDoS attack.

  • In case of an attack, the developed security tools should be able to automatically detect and protect a website hosted on cloud infrastructure against DDoS attacks.

  • The solution should also demonstrate the automatic recovery from the attack.

  • As high availability is an essential feature, the downtime (recovery time) should be minimised as far as possible.
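The detect, protect and recover requirements above can be illustrated as one control loop. The following is an added example, not code from the original page or from any of the products it lists: an edge filter that blocks a source once its per-window rate exceeds an attack threshold, keeps the block while the source stays hostile, lifts it only after several quiet windows (so a source that pauses briefly does not flap in and out), and counts every window in which the origin was overloaded as downtime. The traffic scenario, `CAPACITY_RPS`, `ATTACK_RPS` and `CALM_WINDOWS` are constructed assumptions.

```python
from dataclasses import dataclass, field

# Assumed figures for this example; a real deployment would take them from
# capacity tests and from the traffic baseline of the protected site.
CAPACITY_RPS = 500     # requests per second the origin can serve before erroring
ATTACK_RPS = 2000      # per-source rate treated as an attack
CALM_WINDOWS = 3       # consecutive quiet 1-second windows before a block is lifted


@dataclass
class Mitigator:
    """Edge filter that blocks hostile sources and lifts blocks on its own."""
    blocked: dict = field(default_factory=dict)   # source -> quiet windows seen so far
    downtime_s: int = 0                           # windows in which the origin was overloaded
    events: list = field(default_factory=list)    # (second, action, source)

    def step(self, second, rates):
        """Process one 1-second window. `rates` maps source -> requests seen at
        the edge. Returns the number of requests forwarded to the origin."""
        forwarded = 0
        for src, rps in rates.items():
            if src in self.blocked:
                # Dropped at the edge; keep watching for the source to go quiet.
                if rps > ATTACK_RPS:
                    self.blocked[src] = 0
                else:
                    self.blocked[src] += 1
                    if self.blocked[src] >= CALM_WINDOWS:
                        del self.blocked[src]
                        self.events.append((second, "unblock", src))
                continue
            # Unblocked traffic reaches the origin in this window; the rate is
            # judged afterwards, so detection lags the attack by one window.
            forwarded += rps
            if rps > ATTACK_RPS:
                self.blocked[src] = 0
                self.events.append((second, "block", src))
        if forwarded > CAPACITY_RPS:
            self.downtime_s += 1
        return forwarded


def simulate(seconds=20):
    """Constructed scenario: steady legitimate load, a flood from second 5 to 11,
    then a trickle from the same source. Returns (mitigator, forwarded per second)."""
    m = Mitigator()
    forwarded = []
    for s in range(seconds):
        rates = {"legit": 300}
        if 5 <= s < 12:
            rates["botnet"] = 5000
        elif s >= 12:
            rates["botnet"] = 50
        forwarded.append(m.step(s, rates))
    return m, forwarded


if __name__ == "__main__":
    m, fwd = simulate()
    print("forwarded per second:", fwd)
    print("events:", m.events)
    print("downtime (s):", m.downtime_s)
```

In the scenario the origin is overloaded for exactly one window, the one in which the flood is first seen, because the decision is taken on the completed window; recovery time is therefore bounded by detection latency, which is the quantity to minimise for the high-availability requirement. Once the source drops to a normal rate the block is released after `CALM_WINDOWS` quiet windows and its legitimate-looking residual traffic is served again.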

Competitors

DDoS Service
  • Cloudflare:
    • Features:
      • Provides DDoS protection with real-time traffic monitoring, prevention, mitigation, and protection.
      • Acts as a DNS name server, proxy, cache and WAF for prevention.
    • Integration: easy integration with API gateways; offers comprehensive security solutions.
    • References: DDoS Protection Architecture - by Cloudflare; More @Cloudflare
Network Traffic Analysis (SIEM)
  • Splunk

  • Datadog

Firewall & Security
  • AWS WAF

  • ModSecurity

  • reCAPTCHA

Honeypot IDS

  1. A Survey on Honeypot software & Data Analysis - Link
  2. HoneyD: A Virtual Honeypot Framework - Link

DDoS Attack Prevention & Mitigation

  • DDoS Attack Mitigation (GitHub Guide) - Link
  • Comprehensive survey on DDoS attacks detection & mitigation in SDN-IoT network - Link

Models

Anomaly IDS (Real-time assessment):

  • DDoS lightweight detection (CNN) - Link

Log Analysis Model (Future Predictions):

© 2025 All rights reserved. Built with DataHub Cloud