|
|
Hardware-Accelerated Device for Protection Against DoS Attacks
Kuka, Mário ; Kekely, Lukáš (referee) ; Kučera, Jan (advisor)
This thesis deals with the development of a firmware for hardware-accelerated device used as a protection against amplification (D)DoS attacks. In the today's world, (D)DoS attacks are very common and cause significant financial damages. Therefore the goal is to create affordable and easy to deploy centralized device that would resolve this issue. To reach this goal, a hardware accelerator is being used for the high-volume data transfer processing through a single commonly used server. Design and implementation of the firmware had been done considering the fact that this device will be used in the networks with 100\,Gbps speed. The whole system had undergone functional verification and its real throughput was verified within the laboratory testing as well. Created device has been already deployed into the CESNET network infrastructure during the time of the writing of this thesis and it has been tested by the network administrators. Based on the received feedback, the development will continue focusing on expanding of the detection of more types of attacks.
|
|
|
P4 Language-Based Description of Accelerated Device against DoS Attacks
Kuka, Mário ; Kekely, Lukáš (referee) ; Kučera, Jan (advisor)
This thesis describes the development of a networking device used to defend against (D)DoS attacks using P4 language. The main purpose was to design flexible device using P4 lan-guage based on already existing device, this would allow us to quickly react and respond to new more complex DDoS attacks. The design of the device dealt with the transfer of individual parts of the firmware into the P4 language. Subsequently, the entire device firmware was designed for hardware accelerators with FPGA technology. The firmware had been designed with respect to the limitations of current P4 language compilers. The device has been tested under laboratory conditions for functionality and performance. The device will be deployed in the network infrastructure of CESNET.
|
|
|
Testing of Device for DoS Attack Protection
Burzala, Matúš ; Vrána, Roman (referee) ; Kučera, Jan (advisor)
This thesis deals with testing of a device for (D)DoS protection DCPRO, that is developed within the CESNET association. The aim of the thesis was to design and implement an extendable testing system, which would allow automated testing of DCPRO device. In addition to the testing system, there was created a collection of tests for verification of functional and performance parameters of the device within the thesis. Afterwards, the developed system was integrated into a continuous integration system Jenkins. Particularly within the thesis there were created 109 specific test scenarios to test device firmware modules, 7 throughput test scenarios, 10 test scenarios to verify proper functionality of software modules dedicated to SYN Flood and amplification attacks protection, and one test for verification of device network routing ability. The developed testing system is easily extensible. In order to simplify a future extension of the system, there is a created template encapsulated in source files for new test creation and text part of the thesis contains guide how to create new tests.
|
|
|
System for Protection against DoS Attacks
Šiška, Pavel ; Wrona, Jan (referee) ; Kučera, Jan (advisor)
This bachelor's thesis deals with the design and implementation of the software part of the system for protection against DoS attacks. Nowadays Denial of Service attacks are quite common and can cause significant financial damage to internet or service providers. The main goal of this thesis was to provide software, which is focused on high-speed data throughput and can provide efficient protection against these attacks in 100 Gbps networks. Key part of the system, which is being developed in cooperation with CESNET, is hardware-accelerated network interface card, which can process incoming network traffic at full wire-speed and does the operations laid down by the software part. The main task of the software is evaluation of the information about network traffic and managing actions of the hardware accelerator. The software part of the proposed system has been successfully implemented and the properties of the system have been verified in an experimental evaluation. During the work on this thesis the first implementation of the system has already been deployed in CESNET network infrastructure.
|
|
|
P4 Language-Based Description of Accelerated Device against DoS Attacks
Kuka, Mário ; Kekely, Lukáš (referee) ; Kučera, Jan (advisor)
This thesis describes the development of a networking device used to defend against (D)DoS attacks using P4 language. The main purpose was to design flexible device using P4 lan-guage based on already existing device, this would allow us to quickly react and respond to new more complex DDoS attacks. The design of the device dealt with the transfer of individual parts of the firmware into the P4 language. Subsequently, the entire device firmware was designed for hardware accelerators with FPGA technology. The firmware had been designed with respect to the limitations of current P4 language compilers. The device has been tested under laboratory conditions for functionality and performance. The device will be deployed in the network infrastructure of CESNET.
|
|
|
Testing of Device for DoS Attack Protection
Burzala, Matúš ; Vrána, Roman (referee) ; Kučera, Jan (advisor)
This thesis deals with testing of a device for (D)DoS protection DCPRO, that is developed within the CESNET association. The aim of the thesis was to design and implement an extendable testing system, which would allow automated testing of DCPRO device. In addition to the testing system, there was created a collection of tests for verification of functional and performance parameters of the device within the thesis. Afterwards, the developed system was integrated into a continuous integration system Jenkins. Particularly within the thesis there were created 109 specific test scenarios to test device firmware modules, 7 throughput test scenarios, 10 test scenarios to verify proper functionality of software modules dedicated to SYN Flood and amplification attacks protection, and one test for verification of device network routing ability. The developed testing system is easily extensible. In order to simplify a future extension of the system, there is a created template encapsulated in source files for new test creation and text part of the thesis contains guide how to create new tests.
|
|
|
System for Protection against DoS Attacks
Šiška, Pavel ; Wrona, Jan (referee) ; Kučera, Jan (advisor)
This bachelor's thesis deals with the design and implementation of the software part of the system for protection against DoS attacks. Nowadays Denial of Service attacks are quite common and can cause significant financial damage to internet or service providers. The main goal of this thesis was to provide software, which is focused on high-speed data throughput and can provide efficient protection against these attacks in 100 Gbps networks. Key part of the system, which is being developed in cooperation with CESNET, is hardware-accelerated network interface card, which can process incoming network traffic at full wire-speed and does the operations laid down by the software part. The main task of the software is evaluation of the information about network traffic and managing actions of the hardware accelerator. The software part of the proposed system has been successfully implemented and the properties of the system have been verified in an experimental evaluation. During the work on this thesis the first implementation of the system has already been deployed in CESNET network infrastructure.
|
|
|
Hardware-Accelerated Device for Protection Against DoS Attacks
Kuka, Mário ; Kekely, Lukáš (referee) ; Kučera, Jan (advisor)
This thesis deals with the development of a firmware for hardware-accelerated device used as a protection against amplification (D)DoS attacks. In the today's world, (D)DoS attacks are very common and cause significant financial damages. Therefore the goal is to create affordable and easy to deploy centralized device that would resolve this issue. To reach this goal, a hardware accelerator is being used for the high-volume data transfer processing through a single commonly used server. Design and implementation of the firmware had been done considering the fact that this device will be used in the networks with 100\,Gbps speed. The whole system had undergone functional verification and its real throughput was verified within the laboratory testing as well. Created device has been already deployed into the CESNET network infrastructure during the time of the writing of this thesis and it has been tested by the network administrators. Based on the received feedback, the development will continue focusing on expanding of the detection of more types of attacks.
|
guest ::
