Providing functional stability of information networks based on the development of method for countering DDoS-attacks
Abstract
The subject of study in the paper is the process of ensuring the functional stability of information networks. The goal is to develop a method of countering DDoS attacks that effectively protects the information network both from attacks over the overall time interval and from slow attacks. The problem is to develop algorithms for detecting and blocking DDoS attacks, which describe the sequence of actions when applying the method of countering DDoS attacks, and to evaluate the efficiency of the proposed method. The methods used are the graph approach, mathematical models of optimization, and methods of solving nonlinear problems. The following results are obtained. Algorithms for detecting and blocking DDoS attacks are constructed; they describe the sequence of actions when applying the countering method. The algorithm for detecting attacks is implemented on the analyzer of incoming traffic, which checks the traffic for the presence of DDoS attacks. When such an attack is detected, its type is determined. After that, the blocking algorithm runs: it reads the source of malicious traffic from the database and redirects it to the software gateway, which takes on the further destructive influence. Conclusions. The scientific novelty of the obtained results is as follows: a method of countering DDoS attacks is proposed that effectively protects the information network both from attacks over the overall time interval and from slow attacks. This method ensures the functional stability of the information network and is based on algorithms for detecting and blocking DDoS attacks, together with the collection of information about incoming traffic, which is recorded in the "Sources of Malicious Traffic" database. When an attack is detected, its type is determined and the mechanism for blocking it is started, which is carried out in two stages.
At the first stage, the sources of malicious traffic are searched for using the information about incoming packets collected in the database. At the second stage, the detected sources are blocked directly: reply packets are sent over the backup channel through the software gateway, where the outgoing address of the server in the packets is replaced by the address of the gateway, which disguises the server from external destructive effects (in the case of an outside attack). When the attack comes from the internal network, the switch ports to which the sources of malicious traffic are connected are disconnected. After that, the system administrator is notified and immediately starts to search for and eliminate the malicious software.
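The two-stage flow described in the abstract can be sketched as follows. This is an added example, not the authors' algorithm: the thresholds, observation windows, internal address range, action names and sample traffic are all assumptions made for illustration, since the abstract does not give the paper's detection criteria.

```python
import ipaddress
from collections import defaultdict

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range
SHORT_WINDOW, SHORT_LIMIT = 10, 100   # assumed: >100 packets in 10 s means a flood
LONG_WINDOW, LONG_LIMIT = 600, 20     # assumed: >20 unfinished requests in 600 s means a slow attack

def record(db, packets):
    """Traffic analyzer: store (timestamp, completed) per source address."""
    for ts, src, completed in packets:
        db[src].append((ts, completed))

def classify(events, now):
    """Determine the attack type for one source: 'flood', 'slow' or None."""
    recent = [e for e in events if now - e[0] <= SHORT_WINDOW]
    if len(recent) > SHORT_LIMIT:
        return "flood"
    unfinished = [e for e in events if now - e[0] <= LONG_WINDOW and not e[1]]
    return "slow" if len(unfinished) > LONG_LIMIT else None

def find_sources(db, now):
    """Stage 1: search the database for sources of malicious traffic."""
    found = {}
    for src, events in db.items():
        kind = classify(events, now)
        if kind:
            found[src] = kind
    return found

def plan_blocking(sources):
    """Stage 2: pick the blocking action for each detected source."""
    plan = {}
    for src in sources:
        if ipaddress.ip_address(src) in INTERNAL_NET:
            plan[src] = "disconnect_switch_port_and_notify_admin"
        else:
            plan[src] = "reply_via_gateway_on_backup_channel"
    return plan

# Constructed sample traffic: (timestamp in seconds, source, request completed?)
NOW = 1000
PACKETS = (
    [(995 + i * 0.03, "203.0.113.5", True) for i in range(150)]    # external flood
    + [(560 + i * 15, "198.51.100.7", False) for i in range(30)]   # external slow
    + [(998 + i * 0.01, "10.0.0.23", True) for i in range(120)]    # internal flood
    + [(900 + i * 20, "192.0.2.10", True) for i in range(5)]       # benign client
)
DB = defaultdict(list)
record(DB, PACKETS)
SOURCES = find_sources(DB, NOW)
print(plan_blocking(SOURCES))
```

The slow source never exceeds the short-window limit, so it is only caught by the longer observation interval, which is why the method treats the two attack kinds separately.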