Protection system modelling of multi-channel automated complexes from DDoS attacks

We consider a common type of computer attacks - DDoS-attacks on automated information systems (AIS), leading to denial of service. The aim of the article is to assess the probability of failure-free operation of an automated system. Simulated protection system AIS from DDoS-attacks, which has a main protected channel for data transmission and two reserved channels. The problem of the flow allocation in the system of multi-channel service with different channel capacity is presented. The problem connected with its formal description by differential equations. The full set of hypotheses about the order of channels selection at receipt of applications for processing in the system is considered. Formulas for calculating the maximum probability of system failure in the steady-state processing of incoming applications are derived. The full probability of failure of the AIS to service the flow of applications is found. Flow parameters are evaluated for simple cases when there is a need to use additional secure channels. It is concluded that in order to avoid failures in the service flow of applications during the implementation of DDoS-attacks on AIS, it is necessary to adapt the overall bandwidth of automated systems. In addition, in case of difficulties in the analytical representation of failure probabilities, it is possible to build a simulation model of the AIS protection system.