This project is a comprehensive solution designed to detect and prevent Distributed Denial of Service (DDoS) attacks in case of cloud servers. This work protects servers by monitoring the network traffic going to server, detecting attack patterns if necessary and implementing defensive measures to ensure system remains secure. The data collected then can be used to detect anamoly using an autoencoder.
The current state of the project addresses common DDoS attack vectors including:
- UDP Flood
- TCP SYN Flood
- HTTP Flood
- ICMP Flood
The system leverages real-time monitoring and packet analysis through graphs along with a configurable firewall and a rate-limiting logic to prevent such attacks and to protect vulnerable cloud systems.
/
├── attack/
│ └── attacker.sh # script for simulating various DDoS attacks
├── setup_firewall.sh # script to configure and start protective firewall
├── ddos_monitor_app.py # GUI based application for monitoring network traffic
├── tracker.py # attack detection through rate-limiting
├── starter.sh # a script to launch all components
└── requirements.txt # Python dependencies to installed
- Please install required Python packages:
pip install -r requirements.txt - Set up your test environment with precautions:
- Victim: Metasploitable2 Linux VM
- Attackers: Multiple Kali Linux VMs
- We need a Linux environment to run this project.
- Make scripts executable:
chmod +x starter.sh setup_firewall.sh attack/attacker.sh
The project can eb run in two ways:
Run the starter script to launch all components with default configurations of the parameters:
./starter.shFor custom configurations, you can run each component separately:
-
Start the firewall:
./setup_firewall.sh <target ip> [rate] [time-window-frame]
-
Launch the monitoring application:
sudo python3 ddos_monitor_app.py --interface <interface> --target <target>
-
Run the attack tracker:
sudo python3 tracker.py
The attacker script can be copied to a separate machine to simulate DDoS attacks:
./attacker.sh A Tkinter-based GUI application that provides:
- Real-time visualization of network traffic
- Packet logging and analysis
The detection engine that:
- Monitors packet rates (packets per second) - can be changed for single and mass ip attacks in the script
- Supports detection for single-source and distributed attacks
- Implements thresholds for normal vs. attack traffic
Configures protective measures including:
- Rate limiting
- Connection tracking
- Victim: Metasploitable2 Linux virtual machine
- Attackers: Multiple Kali Linux virtual machines
- Testing Network: Isolated virtual network
- Varun Kukreti
- Vivek Arya
- Department of Computer Science and Engineering, IIT Ropar
All tests are conducted in a controlled environment and for the purposes for simulation and testing. We in no way promote such activities. Simulating attacks on live servers and online websites is a cyber crime and legal offence and is punishable by law.