DDoS Test Run Data set

Distributed Denial of Service (DDoS) attacks,particularly those executed by bots, significantly impair theQuality of Service (QoS) for legitimate users. While network-levelDDoS attacks have been largely mitigated through decades ofresearch, application-level DDoS attacks remain a challenge dueto the difficulty in distinguishing malicious from legitimate traffic.Traditional approaches have relied on statistical models analyzingIP addresses, traffic, and server access patterns, yet these modelsoften struggle with interpretability and can falsely identifylegitimate traffic as malicious, especially in scenarios wheremultiple users share a single public IP address. Additionally,solutions like Captcha, while popular, detract from the userexperience. This paper introduces Path-Frequency-Time (PFT), adeterministic framework that employs a multi-modal approach toidentify bot traffic accurately. It leverages criteria such as lack ofproper authentication and authorization, missing requestparameters, improper query formatting, violations of requestfrequency and concurrency limits, and inconsistencies with theapplication's flow. Depending on the nature of the breach, thecertainty of a bot attack is assessed, and a corresponding level ofresponse is initiated. This response can vary from temporarily‘suspending the request’ to completely ‘blocking the user’. Wehave applied PFT to our crowdsourced LandslideTrackerapplication and validated its effectiveness through simulated tests.Our results demonstrate that PFT maintains QoS for legitimateusers, even in the presence of substantial bot traffic.