Reynold number for detecting the distributed denial of service HTTP flooding attacks

Описание: A distributed denial of service (DDoS) attack is a highly destructive form of organized cyber-attack that targets network computers or online services. Despite the availability of numerous systems for detecting DDoS attacks, the problem remains. This paper proposes the use of mathematical methods that can detect HTTP flooding DDoS attacks effectively. This paper developed an effective mathematical approach using a Reynold number approach for detecting harmful HTTP flooding DDoS packets in incoming traffic flows before they reach the web server. The traffic will be categorized into aggregated packets based on time, and each aggregated packet will be broken down into equally smaller periods known as events, which will then be divided into groups based on (equal packet size with the same inter-arrival time). Because the aggregated packets contain multiple events, this mechanism will determine the value of the Reynold number for each event. If the computed value shows a high Reynold number in the specified group under examination, it will be classified as an HTTP flooding DDoS attack; otherwise, it will be considered normal. In experiments using the ISCX dataset, the proposed mechanism achieves a high accuracy rate of 97.14%.