METHOD OF REDUCING DAMAGE CAUSED BY NETWORK ATTACKS TO A VIRTUAL PRIVATE NETWORK Russian patent published in 2019 - IPC H04L29/06 

FIELD: information technology.

SUBSTANCE: invention relates to telecommunications. Disclosed is a method of reducing damage caused by network attacks to a virtual private network server, comprising: creating a database, after setting degree of priority of "White" IP addresses, measuring and generalizing statistics of network attack parameters, "White" and "Black" lists of IP addresses are entered in the database to correct filtering rules, in which "White" and "Black" lists of IP addresses are set based on behavioral criteria, including analysis of measured parameters of attacks, after developing versions of virtual private network server operation under DDoS attack conditions, updating filtering rules on reservoirs, processing on the sensors all requests with further aggregation of the obtained information, filtering rules on the collectors, processing all requests on sensors, filtering traffic at cleaning centers using preset filtering rules, wherein cleaning centers are connected to main communication channels via channels with high throughput capacity, detecting network attacks, when a network attack is detected, collecting statistics on the operation of the virtual private network server in DDoS attack conditions, when an attack is detected, predicting the effect of an attack on a communication node, "White" lists of IP addresses are timely supplemented when new IP addresses appear, wherein after creating the database, the degree of priority of the "White" IP addresses is set, after measuring and summarizing the network attack parameter statistics, forming an additional virtual private network server, simulating virtual private network server operation under DDoS attack conditions, based on simulation results, virtual private network server capability is provided to provide communication services to a given number of communication nodes, developing versions of functioning of a virtual private network server in DDoS attack conditions based on a variable number of communication nodes, then generating an alert server for sending service commands, after which connecting an additional virtual private network server and an alert server through an independent communication channel to a communication network, if the collected statistical data differ from data stored in the database, then the service command is sent to transfer the communication nodes to the additional virtual private network server, at the end of the attack, service commands are sent to transfer the communication nodes to the main virtual private network server, the virtual private network server is reloaded, the initial version of the virtual private network server operation is restored.

EFFECT: providing communication services of VPN units using VPN server resources owing to timely and organized transfer of VPN nodes from a primary VPN to an additional VPN server.

1 cl, 5 dwg