DDoS Test Run Data set

Distributed Denial of Service (DDoS) attacks,

particularly those executed by bots, significantly impair the

Quality of Service (QoS) for legitimate users. While network-level

DDoS attacks have been largely mitigated through decades of

research, application-level DDoS attacks remain a challenge due

to the difficulty in distinguishing malicious from legitimate traffic.

Traditional approaches have relied on statistical models analyzing

IP addresses, traffic, and server access patterns, yet these models

often struggle with interpretability and can falsely identify

legitimate traffic as malicious, especially in scenarios where

multiple users share a single public IP address. Additionally,

solutions like Captcha, while popular, detract from the user

experience. This paper introduces Path-Frequency-Time (PFT), a

deterministic framework that employs a multi-modal approach to

identify bot traffic accurately. It leverages criteria such as lack of

proper authentication and authorization, missing request

parameters, improper query formatting, violations of request

frequency and concurrency limits, and inconsistencies with the

application's flow. Depending on the nature of the breach, the

certainty of a bot attack is assessed, and a corresponding level of

response is initiated. This response can vary from temporarily

‘suspending the request’ to completely ‘blocking the user’. We

have applied PFT to our crowdsourced LandslideTracker

application and validated its effectiveness through simulated tests.

Our results demonstrate that PFT maintains QoS for legitimate

users, even in the presence of substantial bot traffic.