Доступ предоставлен для: Guest
Портал Begell Электронная Бибилиотека e-Книги Журналы Справочники и Сборники статей Коллекции
Journal of Automation and Information Sciences
SJR: 0.275 SNIP: 0.59 CiteScore™: 0.8

ISSN Печать: 1064-2315
ISSN Онлайн: 2163-9337

Том 52, 2020 Том 51, 2019 Том 50, 2018 Том 49, 2017 Том 48, 2016 Том 47, 2015 Том 46, 2014 Том 45, 2013 Том 44, 2012 Том 43, 2011 Том 42, 2010 Том 41, 2009 Том 40, 2008 Том 39, 2007 Том 38, 2006 Том 37, 2005 Том 36, 2004 Том 35, 2003 Том 34, 2002 Том 33, 2001 Том 32, 2000 Том 31, 1999 Том 30, 1998 Том 29, 1997 Том 28, 1996

Journal of Automation and Information Sciences

DOI: 10.1615/JAutomatInfScien.v51.i9.30
pages 24-31

Web-Based Three-Layer Protection Mechanism Against Distributed Denial of Service

Askar T. Rakhmanov
Muhammad al-Khwarizmi Tashkent University of Information Technologies, Uzbekistan
Shukhrat K. Kamalov
Muhammad al-Khwarizmi Tashkent University of Information Technologies, Uzbekistan
Komil F. Kerimov
Muhammad al-Khwarizmi Tashkent University of Information Technologies, Tashkent (Uzbekistan)

Краткое описание

It is widely recognized that the distributed denial of service (DDoS) attacks can disrupt web services and lead to large revenue losses. DDoS attacks restrict and block legitimate users accessing web-servers by the exhaustion of victim's resources. Due to system leaks and a hidden security problem used, this attack has the characteristics of natural behavior and it is difficult to block it. Protection of web services is of paramount importance since the Internet is the main technology underlying e-commerce, this is the main purpose of DDoS attacks. The article proposed to isolate and protect the correct traffic from the huge volumes of DDoS traffic when an attack occurs. A new DDoS security mechanism has been developed, which is a three-layer protection mechanism based on web-servers. Combining the characteristics of web server traffic and aiming at TCP/IP reference model, it uses statistical filtering and traffic restriction in the network layer, transport layer and application layer to filter out illegal traffic to ensure normal traffic passage. Most of the illegitimate traffic is filtered by SHCF (Simplified Filtering of Hopes) algorithm at the network level. The rest of the illegal traffic is filtered according to the SYNProxyFirewall algorithm at the transmission level. Traffic restriction is used at the application level while DDoS attacks use a legitimate IP address. Due to the joint protection of the three-layer mechanism, support for the availability of web services can be provided during DDoS attacks. The protection mechanism is implemented and tested inside the Linux kernel. The result shows that a three-layer protection mechanism can effectively protect against DDoS attacks


  1. Kerimov K.F., Threat identification model of information security in electronic resources. Prospects for the development of engineering and technology and achievements of the mining and metallurgical industry over the years of independence of the Republic of Uzbekistan, Abstracts of Conference, May 12-14, 2011, Navoi, 2011, 339-340. .

  2. KozlovD.D., Petukhov A.A., Methods for detecting vulnerabilities in web applications, Programmnyye sistemy i instrumenty, 2006, No. 7, 156-166. .

  3. Kerimov K.F., Mukhsinov Sh.Sh., Ismatullayev S.O., Firewall of databases based on anomaly detection, Problemy informatiki i energetiki, 2015, 3-4. .

  4. Nizamutdinov M.K., IT-applications defense and attack tactics, BHW-Petersburg, Saint-Petersburg, 2005, 10-30. .

  5. Pazizin S.V., Fundamentals of information protection in computer systems [in Russian], TVP-Opi-PM, Moscow, 2003. .

  6. Petrenko S.A., Petrenko A.A., Intranet security audit [in Russian], DMK Press, Moscow, 2002. .

  7. Rzhavskiy K.V., Information security: practical protection of information technologies and telecommunication systems [in Russian], VolGU, Volgograd, 2002. .

  8. KhorevP.B., Methods and means of information protection in computer systems [in Russian], Gelios, Moscow, 2006. .

  9. Opanasenko V.N., Kryvyi S.L., Synthesis of adaptive logical networks on the basis of Zhegalkin polynomials, Cybernetics and Systems Analysis, 2015, 51, No. 6, 969-977, DOI: 10.1007/s-10559-015-9790-1. .

Articles with similar content:

Binary Data Flow Coding by the Method of Periodic Transposition Based on Neuron Network Logic Modules
Telecommunications and Radio Engineering, Vol.64, 2005, issue 1-6
V. N. Lopin
The Model for Integration of Information Support Processes in the System of Monitoring the State of Technical Information Protection Using New Information Technologies
Telecommunications and Radio Engineering, Vol.64, 2005, issue 1-6
S. V. Zhilinskii, S. V. Soloviev, S. A. Golovin, A. V. Zhizhelev
The Optimal Solution Algorithm for the Two-Dimensional Problem of Digital Filtering
Journal of Automation and Information Sciences, Vol.31, 1999, issue 12
Mikhail S. Yadzhak, Vladimir A. Valkovskiy
Telecommunications and Radio Engineering, Vol.72, 2013, issue 12
A. A. Pankin, E. V. Grechishnikov, P. Yu. Starodubtsev, V. G. Eryshov
Telecommunications and Radio Engineering, Vol.74, 2015, issue 1
A.A. Smirnov, A. A. Kuznetsov, D.A. Danilenko, A. Berezovsky