Preventing network attacks is one of the most difficult tasks in information systems protection. Most modern systems are distributed, and their architecture is built on network technologies. The operability of such systems depends on their ability to resist malicious acts aimed at disrupting both the network itself and the information system running on it. Among the most dangerous types of criminal activity on the Internet are DDoS attacks. The methods used by criminals are constantly evolving and improving, moving from isolated attempts to corporate-style development. At the same time, modern intrusion and attack detection systems are far from perfect and are insufficiently effective from the point of view of security decisions. Work on methods in this direction is therefore necessary and relevant.
II. DESCRIPTION OF THE PROBLEM
Over the past few months, we have witnessed the emergence of a new attack model that is rapidly gaining popularity among hackers. It has been given the name “Pulse Wave”. Such an attack on a computer system is characterized primarily by short pulses, repeated at regular intervals, whose peak power can reach 350 Gbit/s. This attack is illustrated in Fig. 1. Such an attack can last a very long time. The Pulse Wave attack has a number of advantages for the attacker. First, attackers can hit multiple targets at once: when a pulse stops and a short lull sets in, the botnet does not stand idle but attacks another target. Second, such attacks are extremely inconvenient for standard DDoS protection systems, which are based on hybrid protection techniques, that is, the first line of defense is on-premise hardware and the second layer of protection is a cloud solution. The reason is that each pulse disconnects the target company's equipment. Restoring operation after one peak takes several minutes, but the first pulse is followed by a second, a third and so on. This allows the attacker to stretch the DDoS attack over a long time and interferes with the correct operation of the security solutions. As a result, the hardware solution has neither the time nor the bandwidth to request help from the cloud, and the server “crashes”.
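The pulse pattern described above (short bursts repeated at regular intervals) can be told apart from a sustained flood by checking the spacing between bursts. The following sketch is an added example, not code from the paper; it assumes per-second request counts as input, and the function names, thresholds and sample series are constructed for illustration.

```python
from statistics import mean, pstdev

def find_pulses(counts, threshold):
    """Return (start, end) index pairs for runs of samples above threshold."""
    pulses, start = [], None
    for i, c in enumerate(counts):
        if c > threshold and start is None:
            start = i
        elif c <= threshold and start is not None:
            pulses.append((start, i - 1))
            start = None
    if start is not None:                      # series ends inside a pulse
        pulses.append((start, len(counts) - 1))
    return pulses

def pulse_wave_report(counts, factor=5.0, min_pulses=3, max_cv=0.2, max_duty=0.5):
    """Flag traffic whose bursts are short, repeated and evenly spaced.
    All thresholds are assumed starting points, not values from the paper."""
    if not counts:
        return {"pulses": 0, "period": None, "cv": None, "duty": 0.0, "suspected": False}
    # The median stays at the quiet-time level while bursts cover < 50% of samples.
    baseline = sorted(counts)[len(counts) // 2] or 1
    pulses = find_pulses(counts, baseline * factor)
    starts = [s for s, _ in pulses]
    gaps = [b - a for a, b in zip(starts, starts[1:])]   # pulse-to-pulse spacing
    duty = sum(e - s + 1 for s, e in pulses) / len(counts)
    # Coefficient of variation of the spacing: near 0 means a regular rhythm.
    cv = pstdev(gaps) / mean(gaps) if gaps else None
    suspected = (len(pulses) >= min_pulses and cv is not None
                 and cv <= max_cv and duty <= max_duty)
    return {"pulses": len(pulses), "period": mean(gaps) if gaps else None,
            "cv": cv, "duty": duty, "suspected": suspected}

# Constructed per-second request counts (not measurements from the paper).
PULSED = ([40] * 8 + [900] * 2) * 5                  # 2 s burst every 10 s
SUSTAINED = [40] * 30 + [900] * 15 + [40] * 5        # one long flood
IRREGULAR = ([40] * 3 + [900] * 2 + [40] * 20 + [900] * 2
             + [40] * 4 + [900] * 2 + [40] * 17)     # bursts without a rhythm

if __name__ == "__main__":
    for name, series in (("pulsed", PULSED), ("sustained", SUSTAINED),
                         ("irregular", IRREGULAR)):
        print(name, pulse_wave_report(series))
```

Only the evenly spaced series is flagged; the single long flood and the irregular bursts are left to ordinary volumetric detection.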
III. MODELING ATTACK
To study “Pulse Wave” DDoS attacks and develop protection against them, a network model was created consisting of a server, a user, an attacker and a gateway router. The server is located in Net 2, has the static IP address 10.0.0.1, and is responsible for processing incoming requests and logging information about them. The server is written in Python using the Flask framework. Users and attackers are on the second network, Net 1. Their IP addresses are generated randomly from the address pool 188.8.131.52/24. There is also a router that connects the two networks and acts as a firewall. The scheme of the network model is shown in Fig. 2.