OWASP DPD (DDOS Prevention using DPI)
What is the DPD?
The OWASP DDoS Prevention using DPI (DPD) Project includes Methods, Strategies, Documents and Programs to dealing against DDoS attacks using Deep Packet Inspection, Medium Packet Inspection and Shallow Packet Inspection.
Due to the increase of DDoS attacks, the change of old methods to new methods and also By examining the degree of impact of services against these type of attacks, we decided to lunch a project in order to prevent this type of Attacks using Deep Packet Inspection and Accurate Network Traffic Analysis. In this project, we will first look at the steps and how to analyse network traffic to find suspicious behaviours to detect attacks, we will also analyse more than 150 types of old and new methods which is used by attackers’ step by step, and we will explain the analysis methods in detail. In the next chapter We will explain in detail how to create a traffic analysis laboratory. Then we explain and examine the methods of dealing with this type of attack using the patterns which is extracted in the traffic analysis step. In fact, we look at ways to deal with all 150 types of attacks using open source tools such as snorts, oppenappid, Lua Programming etc. finally, by simulating the same attacks, we make sure that our security strategies are working properly. At the end we will release an OWASP DPD. We will also analyse the new methods used by the attackers from year to year and publish strategies to deal with them in the new version of the project at the end of the year. In this project, we will also look at the methods used by attackers to bypass the DDoS Service Providers signatures.
OWASP DPD Project Roadmap
The below steps are just a summary of the steps we will take in this project.
*Note: the details of steps will be published as soon as possible.
**What is Deep Packet Inspection, Medium Packet Inspection and Shallow Packet Inspection?
-
Difference between SPI, MPI and DPI.
-
Important dimensions in traffic analysis.
-
Traffic analysis with Deep Packet Inspection techniques and Micro-Analysis mechanism.
-
Learning open source tools for traffic analysis and DPI.
**Explanation and investigation of network traffic attack.
-
What is the impact of DDoS attacks ?
-
How we can detect it using traffic analysis methods such as SPI, MPI, DPI, MA etc ?
-
Deep analysis of all the network traffic attacks methods in Layer 3.
-
Deep analysis of all the network traffic attacks methods in Layer 4.
-
Deep analysis of all the network traffic attacks methods in Layer 7.
**How we can prevent against DDoS Attacks?
-
Full explanation of DAQ’s, Conntrack and Hardware Offloaded techniques.
-
Full explanation of Kernel, CPU, Memory and NPU work cycles.
-
Complete explanation of Packet Processing libraries.
-
Implementation of all packet processing libraries and accurate evaluation in the use of system resources against traffic attacks.
-
Write down Signature to deal with Attacks Based on Patterns Extracted in the Traffic Analysis stage. (We will write signatures of all methods using Snort, Openappid, ebpf and Luajit)
**Simulate DDoS attack methods one by one and check the performance of our DDoS Mitigation Box.