Inspiration
We were inspired by the challenge put forward by mice and men to analyse the data on the network. The DDoS defence algorithm is found in this article: M. A. Mohd Yusof, F. H. M. Ali, and M. Y. D., Detection and Defense Algorithms of Different Types of DDoS Attacks, International Journal of Engineering and Technology, Vol. 9, No. 5, October 2017.
What it does
We have improved the DDoS defence algorithm illustrated in the article in "Inspiration", finding a method to determine a threshold for the amount of packet/s that must be considered in order to drop them (see Figure 9 in the article in "Inspiration"). In that article, the authors do not give a method to determine their threshold (100 packet/s). Our method is based on a "smoothing procedure" of the plot of DNS requests vs. time interval (see the attached figure). The trend of the resulting smoothed curve can be used as a threshold for the amount of packet/s that must be considered in order to drop them in case of a DDoS attack.
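The thresholding idea described above, as an added example that is not the project's own code: DNS request timestamps are binned per time interval, the series is smoothed, and intervals far above the smoothed trend are flagged. The rolling median as the smoothing method, the `window`, `margin` and `floor` parameters, and the sample timestamps are all assumptions made for this illustration.

```python
from collections import Counter
from statistics import median


def requests_per_interval(timestamps, interval=1.0):
    """Count DNS requests in consecutive fixed-width time intervals."""
    if not timestamps:
        return []
    start = min(timestamps)
    counts = Counter(int((t - start) // interval) for t in timestamps)
    # Intervals with no requests must appear as 0, not be skipped.
    return [counts.get(i, 0) for i in range(max(counts) + 1)]


def smooth(series, window=5):
    """Centred rolling median (assumed smoother): a short burst barely
    moves it, so the trend still reflects normal traffic during an attack."""
    half = window // 2
    return [median(series[max(0, i - half):i + half + 1])
            for i in range(len(series))]


def flag_intervals(series, window=5, margin=3.0, floor=1.0):
    """Return (index, count, threshold) for intervals above margin * trend.

    margin and floor are assumed tuning knobs: floor keeps the threshold
    from collapsing to zero during quiet periods.
    """
    trend = smooth(series, window)
    flagged = []
    for i, (count, base) in enumerate(zip(series, trend)):
        threshold = margin * max(base, floor)
        if count > threshold:
            flagged.append((i, count, threshold))
    return flagged


def sample_timestamps():
    """Constructed data: about 10 requests/s for 20 s, 200 in second 12."""
    ts = []
    for sec in range(20):
        n = 200 if sec == 12 else 9 + sec % 3
        ts.extend(sec + k / n for k in range(n))
    return ts


if __name__ == "__main__":
    series = requests_per_interval(sample_timestamps())
    for idx, count, threshold in flag_intervals(series):
        print(f"interval {idx}: {count} requests/s > threshold {threshold}")
```

On this constructed series the threshold near the burst is 33 requests/s, so it follows the local baseline instead of relying on a fixed value such as the article's 100 packet/s.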
How we built it
We used the Python programming language. We exported data from the DNStap file through the yaml module.
Challenges we ran into
The data set was huge in comparison to the computing power that we had available in the given time.
Accomplishments that we're proud of
We have improved the DDoS defence algorithm.
What we learned
Working in a team, and the ideas we came up with.
What's next for Visualisation and analysis of DNStap data
Create an algorithm to detect DDoS attacks and get more data to refine that algorithm.
Built With
- matplotlib
- networkx
- python