[liberationtech] The Deflect project releases BotnetDBP software suite

Dmitri Vitaliev dmitri at
Wed Feb 26 12:20:29 PST 2014

The Deflect team has spent the last two years mitigating DDoS attacks
against independent media and human rights websites. We've learnt a
thing or two along the way and have put a lot of effort into developing
open source software to make our lives (and weekends) a bit easier. The
BotnetDBP project consists of four components to detect and ban
malicious bots.

Banjax: responsible for early stage filtering, challenging and banning
of bots, identified via regular expression matching
Learn2Ban: introduces intelligent, adaptive features to botnet detection
and banning by using a machine-learning approach
Botbanger: uses the support vector machine model constructed by
Learn2Ban to test HTTP traffic and determine the legitimacy of the requester
Swabber: responsible for managing the actual banning of IP addresses
identified by either Banjax or Learn2Ban

GitHub repo:

Of note: in our experiments, current Learn2Ban accuracy has been
determined at 90% and above (i.e. both false positives and true
negatives amounted to less than 10%). In several cases, accuracy of 99%
was achieved. We continue to develop models based on larger attacks the
network receives.

We rely on our community of peers and invite you to take a look at the
code. Your commentary and analysis are essential to seeing this open
source initiative mature and become of relevance to anyone running a web
server.  For reference, all components are built modularly and can be
adapted to any web service environment, albeit Banjax was written as an
Apache Traffic Server plugin.

Those of you attending Rightscon and interested to hear more about our
upcoming participatory project "Distributed Deflect", come to lightning
talk #3 on Wednesday, March 5th, 4:00-5:15pm.


Dmitri Vitaliev
PGP: 6765 11E9 33AC 3F9D 1A4B 0AAC 7110 EACE 6FF1 895D
