Artificial intelligent assistant

Which workflow would I have to follow to create a DDoS detection script? My testbed needs a DDoS detection script or program/software. After detection I will use my solution to do measurements. Do I need to count the number of packets per second and use a threshold mechanism for detection? Or should I think about extracting some specific parameter which would point to a DDoS attack? I have seen in the market that machine learning algorithms are used for anomaly detection. In my scenario I will be generating UDP, TCP and HTTP-GET floods. For these, what is the right way to do the detection? Remember, I am interested in detection and not prevention. Have a fun time. Cheers, k

If you just want to detect floods, you can simply define a rate limit and when this is exceeded raise an alarm.

A more machine-learning-like way would be: train an anomaly detection algorithm with legitimate traffic. So you have to choose your features (e.g. packets per second, burst lengths, etc.) and then train your system. Finally, you can then just measure the features while operating your network and feed them into the anomaly detector.
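Both approaches from the answer above, side by side, as an added example that is not part of the original answer. It assumes packet arrival timestamps in seconds are already available from a capture; the function names, the 100 pps limit and the mean plus k standard deviations baseline (a simple stand-in for a trained anomaly detector, using packets per second as the only feature) are assumptions chosen for illustration.

```python
from collections import Counter
from statistics import mean, stdev

def per_second_counts(timestamps):
    """Bucket packet arrival times (seconds) into packets per second,
    including the empty seconds between the first and last packet."""
    counts = Counter(int(t) for t in timestamps)
    if not counts:
        return {}
    return {s: counts.get(s, 0) for s in range(min(counts), max(counts) + 1)}

def threshold_alarms(pps, limit):
    """Fixed rate limit: seconds whose packet count exceeds `limit`."""
    return [s for s, n in sorted(pps.items()) if n > limit]

def train_baseline(legit_pps):
    """Learn mean and standard deviation of pps from legitimate traffic."""
    values = list(legit_pps.values())
    return mean(values), stdev(values)

def anomaly_alarms(pps, baseline, k=3.0):
    """Seconds whose pps lies more than k standard deviations above the mean."""
    mu, sigma = baseline
    sigma = max(sigma, 1.0)  # floor so a very flat baseline does not alarm on noise
    return [s for s, n in sorted(pps.items()) if (n - mu) / sigma > k]

def synth(counts):
    """Constructed input: evenly spaced timestamps, counts[s] packets in second s."""
    return [s + i / n for s, n in enumerate(counts) for i in range(n)]

# Constructed sample data, not a real capture.
LEGIT = per_second_counts(synth([8, 10, 12, 9, 11, 10, 13, 9, 10, 8]))
TEST = per_second_counts(synth([10, 11, 60, 400, 380, 12]))

if __name__ == "__main__":
    baseline = train_baseline(LEGIT)
    print("fixed limit 100 pps:", threshold_alarms(TEST, 100))
    print("baseline mean/stdev:", baseline)
    print("anomaly (k=3):", anomaly_alarms(TEST, baseline))
```

On this sample the fixed limit flags only the two heaviest seconds, while the learned baseline also flags the 60 pps ramp-up second that stays under the static limit.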
