The system successfully detects and mitigates suspicious amounts of traffic originating from a single IP address or range, helping prevent basic DDoS attacks.
Implement detection mechanisms for identifying floods of traffic from users that share similar behavioral profiles, such as:
- Device type
- Geolocation
- Web browser version
This will help identify coordinated DDoS attacks involving large groups of similar devices.
Add analytics to detect sudden and unexplained increases in traffic to a specific page or endpoint of the web service. This includes tracking:
- Abnormal spikes in access to certain pages or APIs.
- Differentiating legitimate traffic spikes from potential DDoS attack vectors.
Implement a mechanism for identifying unusual traffic patterns, such as:
- Repetitive spikes at odd hours of the day.
- Traffic spikes that occur in a predictable or unnatural manner (e.g., sharp traffic increases every 10 minutes).