Abstract

The subject of study in this paper is the process of ensuring the functional stability of information networks. The goal is to develop a method of countering DDoS attacks that effectively protects the information network both from attacks over the overall time interval and from slow attacks. The problem is to develop algorithms for detecting and blocking DDoS attacks, which describe the sequence of actions when the countering method is applied, and to evaluate the efficiency of the proposed method. The methods used are the graph approach, mathematical optimization models, and methods for solving nonlinear problems. The following results are obtained. Algorithms for detecting and blocking DDoS attacks are constructed, describing the sequence of actions when the countering method is applied. The attack detection algorithm is implemented on the analyzer of incoming traffic, which checks that traffic for the presence of DDoS attacks. When such an attack is detected, its type is determined. The blocking algorithm is then executed: it reads the malicious traffic sources from the database and redirects the malicious traffic to the software gateway, which takes the further destructive influence upon itself. Conclusions. The scientific novelty of the obtained results is as follows: we propose a method of countering DDoS attacks that effectively protects the information network both from attacks over the overall time interval and from slow attacks. This method ensures the functional stability of the information network and is based on algorithms for detecting and blocking DDoS attacks, and on collecting information about incoming traffic and recording it in the database of Sources of Malicious Traffic. When an attack is detected, its type is determined and the blocking mechanism is started, which is carried out in two stages.
In the first stage, the sources of malicious traffic are searched for using the information about incoming packets collected in the database. In the second stage, the detected sources are blocked directly by sending reply packets over the backup channel through the software gateway, where the server's outgoing address in the packets is replaced by the address of the gateway, which disguises the server from external destructive effects (in the case of an attack from outside). When the attack comes from the internal network, the switch ports to which the sources of malicious traffic are connected are disconnected. After that, the system administrator is notified and immediately starts to search for and eliminate the malicious software.
