Behavior analysis techniques in DDoS mitigation

There are two major schools of thought in the practice of DDoS mitigation: signature-based versus heuristic-based filtering. Signature-based filtering is the most common method; it detects attacks based on each attack's predetermined "fingerprint" and blocks the attack on that basis. While highly efficient, this prevents real-time mitigation of "zero day" (brand new) attacks, for which no fingerprint exists yet.

1. Network Behavior Analysis (NBA)

NBA, one primary method used by DDosHostingProtection, models known valid traffic patterns and performs analysis against traffic that does not match the expected behavior. When traffic is abnormal, the NBA systems must determine whether the abnormality was organic in nature or the result of a DDoS attack. When it is determined that the spike could not have occurred as the result of organic changes in traffic patterns, the traffic is temporarily blocked.
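As an added illustration of the baseline-versus-organic-growth decision described above (this is not DDosHostingProtection's code and does not describe its actual algorithm), the detector below learns a baseline from recent per-interval request counts, scores each new interval against it, accepts gradual growth as organic, and temporarily blocks only unexplained spikes. The window size, z-score threshold, organic growth step and block duration are assumed values chosen for the example.

```python
from collections import deque
from statistics import mean, pstdev


class NbaDetector:
    """Toy network-behavior-analysis detector: flags intervals that deviate
    from the learned baseline AND cannot be explained by organic growth."""

    def __init__(self, window=12, min_samples=4, z_threshold=4.0,
                 max_organic_step=0.5, block_intervals=3):
        self.history = deque(maxlen=window)  # recent "known valid" per-interval counts
        self.min_samples = min_samples
        self.z_threshold = z_threshold
        self.max_organic_step = max_organic_step  # largest interval-to-interval rise treated as organic
        self.block_intervals = block_intervals    # how many later intervals stay blocked
        self.blocked_until = -1

    def observe(self, t, count):
        """Classify the request count seen in interval t; returns learning/normal/blocked."""
        if t <= self.blocked_until:
            return "blocked"  # inside the temporary block: do not learn attack traffic as baseline
        if len(self.history) < self.min_samples:
            self.history.append(count)
            return "learning"
        baseline = mean(self.history)
        # Floor the spread so perfectly flat traffic does not make the detector hair-triggered.
        spread = max(pstdev(self.history), 0.1 * baseline, 1.0)
        z = (count - baseline) / spread
        organic = count <= self.history[-1] * (1 + self.max_organic_step)
        if z > self.z_threshold and not organic:
            self.blocked_until = t + self.block_intervals
            return "blocked"
        self.history.append(count)  # normal or organic change: fold it into the baseline
        return "normal"


def classify_series(counts, **kwargs):
    """Run one detector over a list of per-interval request counts."""
    det = NbaDetector(**kwargs)
    return [det.observe(t, c) for t, c in enumerate(counts)]


# Constructed sample: steady traffic, a 40% organic rise, a flood, then recovery.
SAMPLE_COUNTS = ([100, 103, 98, 101, 99, 104, 97, 102, 100, 99, 101, 100]
                 + [140] + [2500, 2600, 2400] + [110, 105])

if __name__ == "__main__":
    for t, (c, s) in enumerate(zip(SAMPLE_COUNTS, classify_series(SAMPLE_COUNTS))):
        print(f"t={t:2d} requests={c:5d} -> {s}")
```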

2. Human Behavior Analysis (HBA)

HBA, a patent-pending method by DDosHostingProtection, applies similar concepts to Layer 7 traffic. When a Layer 7 request is received by a DDosHostingProtection proxy system, deployed either as a remote proxy or as a local web application firewall (WAF), it is inspected to determine whether the request originated from an actual human. The Black Lotus systems maintain intelligence on the expected request patterns and are able to block requests that do not match the expected behavior. Using this logic, even a single malicious request can be identified as coming from a member of a botnet. This information is then used to augment NBA methods and form a more effective DDoS mitigation system.
