Archives for 2 May, 2014


Q1 2014 Traffic Report: DDoStoyevsky’s Crimean Punishment

In the last 12 months we have seen steady growth in many aspects of the Deflect project, particularly with respect to membership, traffic, localisation and network capacity. The most significant contributing factors have been the uptake of more partners, the efficacy of our new banning software and the continued rise in DDoS attacks as a form of censorship.

To this end, we have more than doubled the number of our partners, so Deflected sites now operate in 17 languages and focus on affairs in 55 countries across the world. In addition, we have taken on more sites that report news or advocate for issues from a transnational perspective, resulting in a more even distribution of traffic from around the world.

A comparison between the first quarters of 2013 and 2014 shows this clearly.


We see that unique visitors have nearly tripled, the number of visits has more than doubled, page requests have all multiplied, hits are between four and five times as many and we are dealing with at least twice the amount of bandwidth as this time last year. The figures continue to grow as we move into March and April because of the current Ukraine situation. In the wake of the Euromaidan protests, the fall of the Yanukovich government and the annexation of the Crimea, we brought onto the network a number of key independent news sites operating in the region that have brought with them a large amount of traffic and a comparable number of DDoS attacks.

The figures above are only for the legitimate traffic served. With respect to malicious requests, we saw an average of around 8MBps across the network for the month, and when we first took on the Ukrainian sites in March we saw spikes of 200 bots per edge.


DBP: Our Philosophy

The Deflect team has spent the last two years mitigating DDoS attacks against independent media and human rights websites. We’ve learnt a thing or two along the way and have put a lot of effort into developing open source software to make our lives (and weekends) a bit easier. The BotnetDBP project consists of four components to detect and ban malicious bots.

Banjax: responsible for early-stage filtering, challenging and banning of bots, identified via regular expression matching.

Learn2Ban: introduces intelligent, adaptive features to botnet detection and banning by using a machine-learning approach.

Botbanger: uses the support vector machine model constructed by Learn2Ban to test HTTP traffic and determine the legitimacy of the requester.

Swabber: responsible for managing the actual banning of IP addresses identified by either Banjax or Learn2Ban.

GitHub repo

Notably, current Learn2Ban accuracy has been determined at 90% and above (i.e. both false positives and true negatives amounted to less than 10%). In several cases, accuracy of 99% was achieved. We continue to develop models based on larger attacks the network receives.

We rely on our community of peers and invite you to take a look at the code. Your commentary and analysis are essential to seeing this open source initiative mature and become of relevance to anyone running a web server. For reference, all components are built modularly and can be adapted to any web service environment, albeit Banjax was written as an Apache Traffic Server plugin.
