Detector of DoS Attacks via Network Flow Analysis

This software was developed as a part of the diploma thesis of my student Ing. Matěj Plch in 2012. The thesis can be found in the CTU diploma theses archive. The research was partly funded by an SGS grant "Security aspects of current information technology" No. SGS12/095/OHK3/1T/18.


An application for monitoring high-speed networks using the NetFlow protocol and detection of DoS attacks by searching for anomalies in the trends of network traffic. It analyzes types of attacks that manifest themselves by a peak in network traffic, and uses statistical methods that detect this abrupt growth. The detector combines application logic for detection in Ruby code with the use of an existing high-performance tool nfdump for NetFlow processing that is written in C.

How to Obtain the Software

If you want to test, use, or develop the software, please contact Dr. Rudolf Blažek via email.