[liberationtech] The Deflect project releases BotnetDBP software suite
Dmitri Vitaliev
dmitri at equalit.ie
Wed Feb 26 12:20:29 PST 2014
The Deflect team has spent the last two years mitigating DDoS attacks
against independent media and human rights websites. We've learnt a
thing or two along the way and have put a lot of effort into developing
open source software to make our lives (and weekends) a bit easier. The
BotnetDBP project consists of four components to detect and ban
malicious bots.
https://wiki.deflect.ca/wiki/BotnetDBP
Banjax: responsible for early stage filtering, challenging and banning
of bots, identified via regular expression matching

Learn2Ban: introduces intelligent, adaptive features to botnet detection
and banning by using a machine-learning approach

Botbanger: uses the support vector machine model constructed by
Learn2Ban to test HTTP traffic and determine the legitimacy of the requester

Swabber: is responsible for managing the actual banning of IP addresses
identified by either Banjax or Learn2Ban

GitHub repo: https://github.com/equalitie

Of note: in our experiments, current Learn2Ban accuracy has been
determined at 90% and above (i.e. both false positives and true
negatives amounted to less than 10%). In several cases, accuracy of 99%
was achieved. We continue to develop models based on larger attacks the
network receives: https://wiki.deflect.ca/wiki/News_items

We rely on our community of peers and invite you to take a look at the
code. Your commentary and analysis are essential to seeing this open
source initiative mature and become of relevance to anyone running a web
server. For reference, all components are built modularly and can be
adapted to any web service environment, albeit Banjax was written as an
Apache Traffic Server plugin.

Those of you attending RightsCon and interested to hear more about our
upcoming participatory project "Distributed Deflect", come to lightning
talk #3 on Wednesday, March 5th, 4:00-5:15pm.

Sincerely,
Dmitri Vitaliev
https://equalit.ie
https://deflect.ca
PGP: 6765 11E9 33AC 3F9D 1A4B 0AAC 7110 EACE 6FF1 895D