DDoSCH is a platform used to share DDoS fingerprints. The system is composed of a set of software modules available in this repository and described in our research paper.
- DDoSDB: this is the backend database and graphical interface used to share the fingerprints.
- Dissector: responsible for summarizing the DDoS traffic and generate the proper fingerprint.
- Converters: translate fingerprints to mitigation rules.
The installation process is described here. Note, these installation steps were developed for a Linux-based (Debian). You may have to customize the process if you opted to use a different flavor.
- Debian 10 Linux Machine
- System administration rights (sudo)
In the end, you will be able to run the frontend and backend of the system. You can use the Web interface (localhost:80) to list the DDoS signatures. Moreover, the backend will be able to receive the fingerprints generated by the dissector software. Note a fresh installation results in an empty database. Algotuht you can use the credentials to login on the system and check the features. If you want to populate the database you should run the software dissector.
To enable ddos_dissector upload file to the database, you should give the propers rights to users in the following interface: