Researchers develop defense tool against DDoS attacks

Brazil is among the countries with a higher incidence of denial-of-service (DoS) attacks, which usually occur when a network is intentionally overloaded with a higher-than-normal volume of traffic in order to harm the availability of a system. On the academic network, which serves universities and research institutes in the country, these types of attacks represent 84% of the total number of recorded incidents.

To protect institutions from this risk, researchers at the Network Laboratory of the Federal University of Paraíba (UFPB) are developing, in partnership with RNP, a defensive platform against a variation of these attacks: distributed denial-of-service (DDoS) attacks, which exploit more sophisticated vulnerabilities at the application layer, for example in websites and web servers. The platform, called SeVen, is able to identify these attacks, which usually go unnoticed, and mitigate them in real time, thus preventing the service from becoming unavailable.

According to the research coordinator, Iguatemi E. Fonseca, attacks affecting institutional and governmental sites exploit specific vulnerabilities in the HTTP protocol and, due to their great ability to change, are more difficult to detect. “The attackers can do a mixed DDoS attack, reaching both the network and the application layer at the same time, to throw off the network administrator and the service becomes unavailable,” points out the researcher.

One of the governmental portals that could benefit from the research is the site of the Unified Selection System (Sisu, in Portuguese) of the Ministry of Education (MEC), which receives a large volume of hits for applications based on the National High School Exam, which allows students to enter college. Today, to ensure system availability during the registration period, MEC organizes a security operation, with the aid of RNP, which monitors the traffic flow for 24 hours. The platform acts as a protective measure against DDoS attacks that could disrupt access to the Sisu website.

SeVen could also protect voice over IP (VoIP) services, which operate at the application layer. On the academic network, more than 100 universities and federal and research institutes currently use the fone@RNP service, which saves these institutions resources.

Currently, the platform is being tested in a pilot project with partner institutions, such as the Federal Universities of Bahia (UFBA) and Espírito Santo (Ufes), the University of South Santa Catarina (Unisul) and the State University of Ponta Grossa (UEPG). Project management is carried out by RNP’s Working Group Program, which works in partnership with the academic community in search of innovative ICT products.

Photo: Iguatemi Fonseca at WRNP 2016, held in the city of Salvador in May.