AEGIS aims to defend your system against denial-of-service attacks through efficient user-space packet processing. It was built during a software project at the TU Ilmenau.

AEGIS - AntiDoS

the open source (D)DoS prevention system

AEGIS aims to defend your system against denial-of-service attacks through efficient user-space packet processing. It is being built during a software project at the TU Ilmenau.

Software Project

This lecture teaches students of computer science and engineering informatics methods and techniques of software engineering. By embedding the activities in the software development process, the knowledge is deepened. The course contains the development of software architecture goals, description approaches of the different models and documents, procedure with the development (processes), decision making, architecture styles/patterns and their quality characteristics, as well as the examination/evaluation of architectures.

TU Ilmenau

Ilmenau University of Technology is a university of the Free State of Thuringia in Ilmenau. It has five faculties of which one teaches computer science in bachelor

The Problem with (D)DoS

Denial-of-service attacks pose a serious threat. In the digital age, many systems are interconnected via the Internet. As a result, many companies, hospitals and government agencies have become popular targets for attack. Motives for such attacks include financial or even political reasons.

In DoS and DDoS attacks, servers and infrastructures are overloaded with a flood of meaningless requests to such an extent that they are prevented from operating normally. As a result, users may no longer be able to access the services offered and data may be lost in the attack. In this case, even weak computers can cause great damage to much more powerful recipients. In botnets, attacks can originate from multiple computers simultaneously, in a coordinated fashion, and from a wide variety of networks. The imbalance between simplicity in generating attack traffic versus complex and resource-intensive DoS defenses further exacerbates the problem. Although occasional successes are achieved in combating DoS attacks (e.g., shutting down some large "DoS-for-hire" websites), the volume of data generated by DoS attacks continues to grow. Between 2014 and 2017 alone, the frequency of DoS attacks increased by a factor of 2.5 and the attack volume doubles almost every year. Damage is estimated to be between $20,000 and $40,000 per hour globally.

In the area of commercial DoS defenses, some approaches have stood out. The use of commercial solutions poses some problems, such as sometimes considerable costs or the problem of the necessary trust that must be placed in the operator of a DoS defense. Consequently, an efficient defense against DoS attacks with specially constructed and maintained mechanisms is a goal worth pursuing - especially if it allows several systems to be protected at the same time.

The goal of the software project is to create a system between the Internet uplink and the internal network that can effectively defend against (D)DoS attacks at a high bandwidth and in continuous operation, while users can continue to access their services without restrictions. The resulting application implements a (D)DoS traffic analyzer and intelligent rule generator, protecting internal networks from external threats that would cause system overload. It includes traffic analysis algorithms that can detect and filter out malicious traffic without affecting the user experience and without causing downtime.

DPDK

TU Ilmenau