Key characteristics of network traffic to identify DDoS attacks
Modern methods of analyzing and protecting network infrastructure against DDoS (Distributed Denial of Service) attacks are discussed. A DDoS detection model has been developed using statistical techniques, which highlights the main stages of the attacks and key characteristics of network traffic that are crucial for detecting an attack. Potential and attack power are introduced as main concepts in assessing DDoS activity. To identify the type of attack, it is suggested to increase the sensitivity of the model by identifying key characteristics that distinguish between different attack stages. The features of various DDoS attack types, such as UDP Flood, UDP Reflection/Amplification, and TCP SYN Flood, are considered. A framework for modeling DDoS network attacks has been created. DDoS attacks including UDP Flood, UDP Reflection/Amplification and TCP SYN Flood were simulated using traffic data collected via the NetFlow protocol. The proposed attack characteristics, including speed, flow volume, and flow rate, allowed us to evaluate the attack's power and consider how to change the key characteristics of network traffic.
Authors: R. R. Fatkieva, A. S. Sudakov, A. S. Nersisyan
Direction: Informatics, Computer Technologies And Control
Keywords: DDoS attacks, Network security, Traffic analysis, attack detection, attack potential, attack power, key characteristics of network traffic, TCP SYN Flood, UDP Flood, UDP Reflection/Amplification, DDoS protection, cybersecurity
View full article