|
|
Hardware-Accelerated Device for Protection Against DoS Attacks
Kuka, Mário ; Kekely, Lukáš (referee) ; Kučera, Jan (advisor)
This thesis deals with the development of a firmware for hardware-accelerated device used as a protection against amplification (D)DoS attacks. In the today's world, (D)DoS attacks are very common and cause significant financial damages. Therefore the goal is to create affordable and easy to deploy centralized device that would resolve this issue. To reach this goal, a hardware accelerator is being used for the high-volume data transfer processing through a single commonly used server. Design and implementation of the firmware had been done considering the fact that this device will be used in the networks with 100\,Gbps speed. The whole system had undergone functional verification and its real throughput was verified within the laboratory testing as well. Created device has been already deployed into the CESNET network infrastructure during the time of the writing of this thesis and it has been tested by the network administrators. Based on the received feedback, the development will continue focusing on expanding of the detection of more types of attacks.
|
|
|
P4 Language-Based Description of Accelerated Device against DoS Attacks
Kuka, Mário ; Kekely, Lukáš (referee) ; Kučera, Jan (advisor)
This thesis describes the development of a networking device used to defend against (D)DoS attacks using P4 language. The main purpose was to design flexible device using P4 lan-guage based on already existing device, this would allow us to quickly react and respond to new more complex DDoS attacks. The design of the device dealt with the transfer of individual parts of the firmware into the P4 language. Subsequently, the entire device firmware was designed for hardware accelerators with FPGA technology. The firmware had been designed with respect to the limitations of current P4 language compilers. The device has been tested under laboratory conditions for functionality and performance. The device will be deployed in the network infrastructure of CESNET.
|
|
|
Testing of Device for DoS Attack Protection
Burzala, Matúš ; Vrána, Roman (referee) ; Kučera, Jan (advisor)
This thesis deals with testing of a device for (D)DoS protection DCPRO, that is developed within the CESNET association. The aim of the thesis was to design and implement an extendable testing system, which would allow automated testing of DCPRO device. In addition to the testing system, there was created a collection of tests for verification of functional and performance parameters of the device within the thesis. Afterwards, the developed system was integrated into a continuous integration system Jenkins. Particularly within the thesis there were created 109 specific test scenarios to test device firmware modules, 7 throughput test scenarios, 10 test scenarios to verify proper functionality of software modules dedicated to SYN Flood and amplification attacks protection, and one test for verification of device network routing ability. The developed testing system is easily extensible. In order to simplify a future extension of the system, there is a created template encapsulated in source files for new test creation and text part of the thesis contains guide how to create new tests.
|
|
|
P4 Language-Based Description of Accelerated Device against DoS Attacks
Kuka, Mário ; Kekely, Lukáš (referee) ; Kučera, Jan (advisor)
This thesis describes the development of a networking device used to defend against (D)DoS attacks using P4 language. The main purpose was to design flexible device using P4 lan-guage based on already existing device, this would allow us to quickly react and respond to new more complex DDoS attacks. The design of the device dealt with the transfer of individual parts of the firmware into the P4 language. Subsequently, the entire device firmware was designed for hardware accelerators with FPGA technology. The firmware had been designed with respect to the limitations of current P4 language compilers. The device has been tested under laboratory conditions for functionality and performance. The device will be deployed in the network infrastructure of CESNET.
|
|
|
Testing of Device for DoS Attack Protection
Burzala, Matúš ; Vrána, Roman (referee) ; Kučera, Jan (advisor)
This thesis deals with testing of a device for (D)DoS protection DCPRO, that is developed within the CESNET association. The aim of the thesis was to design and implement an extendable testing system, which would allow automated testing of DCPRO device. In addition to the testing system, there was created a collection of tests for verification of functional and performance parameters of the device within the thesis. Afterwards, the developed system was integrated into a continuous integration system Jenkins. Particularly within the thesis there were created 109 specific test scenarios to test device firmware modules, 7 throughput test scenarios, 10 test scenarios to verify proper functionality of software modules dedicated to SYN Flood and amplification attacks protection, and one test for verification of device network routing ability. The developed testing system is easily extensible. In order to simplify a future extension of the system, there is a created template encapsulated in source files for new test creation and text part of the thesis contains guide how to create new tests.
|
|
|
Hardware-Accelerated Device for Protection Against DoS Attacks
Kuka, Mário ; Kekely, Lukáš (referee) ; Kučera, Jan (advisor)
This thesis deals with the development of a firmware for hardware-accelerated device used as a protection against amplification (D)DoS attacks. In the today's world, (D)DoS attacks are very common and cause significant financial damages. Therefore the goal is to create affordable and easy to deploy centralized device that would resolve this issue. To reach this goal, a hardware accelerator is being used for the high-volume data transfer processing through a single commonly used server. Design and implementation of the firmware had been done considering the fact that this device will be used in the networks with 100\,Gbps speed. The whole system had undergone functional verification and its real throughput was verified within the laboratory testing as well. Created device has been already deployed into the CESNET network infrastructure during the time of the writing of this thesis and it has been tested by the network administrators. Based on the received feedback, the development will continue focusing on expanding of the detection of more types of attacks.
|
guest ::
