PROTECTION OF WEB RESOURCES FROM DDOS ATTACKS USING CDN

Abstract

Protecting web resources from DDoS attacks (Distributed Denial of Service attacks) is a crucial issue in information security. These attacks can cause significant financial losses and damage user trust. Today, DDoS attacks are becoming more complex and powerful, using large amounts of harmful traffic to overload servers and network infrastructure. One of the effective methods to protect web resources from such attacks is by using a Content Delivery Network, or CDN. A CDN not only optimizes content delivery but also spreads the load across multiple servers, reducing the impact of DDoS attacks by distributing traffic over its network.

This article examines how CDNs can be used to protect web resources from DDoS attacks. The main goal is to explore CDN methods for filtering and limiting harmful traffic, ensuring continuous content availability, and improving resource performance. CDNs distribute incoming traffic across their global server network, helping avoid overloading single servers and efficiently countering large-scale attacks.

Key CDN protection methods include: Edge Caching - This stores static content on servers closer to users, reducing delay and lowering requests to the main server. Load Balancing-  This automatically distributes traffic across CDN servers, reducing the risk of any single point being overloaded. Geographic Server Distribution - Servers are strategically placed in different regions to minimize delays and ensure high content availability.

Additionally, CDNs use security measures such as TLS/SSL encryption to protect data transfers, Web Application Firewalls (WAFs) to guard against application-level attacks (like SQL injections and XSS), and technologies for detecting abnormal or harmful traffic. With their distributed architecture, CDNs can restrict access to targeted resources by blocking suspicious traffic at edge servers.

The results of this study show that using a CDN can significantly reduce the risk of service disruption during DDoS attacks, especially when combined with other protection methods, such as rate limiting and traffic analysis. While CDNs provide a strong level of protection, they cannot completely replace specialized cybersecurity measures and should be part of a broader security strategy.