What is the ratio of "attack packet number/total packet number" for DDOS attack?
yasir
2015-06-09 09:42:56 UTC
What is the ratio of "attack packet number/total packet number" for DDOS attack?
Three answers:
?
2015-06-09 11:31:11 UTC
There is no specific ratio of packets. It depends on the frequency of the packets and the speed with which the ISP, the router and the server (if it is a website). There is no specific distinction between a normal data packet and a DDOS packet. Some ticket sales sites have collapsed under the strain when a top band's tickets go on sale. This is not a DDOS attack, but the effect is the same. The connection or the servers attached to that connection cannot take the load and things stop working.
yasir
2015-06-09 09:56:56 UTC
Thank you for the answer, i am working on DDOS detection via IP Flow statistics (Average packet number per flow, port numbers, average packet length etc..) There are too many DDOS datasets to work on it. Some datasets contain only attack packets (UCLA UDP Attack Dataset), some of them contain %30 of attack and some of them contain %5 attack in different time intervals (NUST TCP SYN Flood Dataset). This percentages are "attack packet number/total packet number". If it is over %30, i can find the significant statistical differences between attack and normal time intervals. However, if it is only %5, it is not possible to detect. I couldn't find any definition of DDOS about attack packet percentage. My advisor told me that, efenthough it is %5, you should be able to detect it. However, i think it is unrealistic. So, is there any threshold to call is as "attack"?
?
2015-06-09 09:49:07 UTC
don't know but DDOS attacks ping different machines for requests so that those machine then ping the targeted server for a response. this means anything on wifi can partake in a DDOS attack. toasters, refrigerators, and coffee machines can all take part in a virtual bank heist through a DDOS attack. and because the whole point is to overwhelm the target with sheer numbers of packets, the ratio of attacking packets to total packets is probably one where the attacking packets takes up almost all if the packets. im guessing above 90%. might be wrong though.
ⓘ
This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.