DDoS Attack Detection
Treblle’s DDoS Attack Detection feature helps you identify potential Distributed Denial of Service (DDoS) attacks by monitoring traffic patterns and flagging unusual request spikes that could indicate malicious activity.
How DDoS Detection Works
Treblle continuously monitors your API traffic and compares current request volumes to historical patterns to identify potential DDoS attacks.
Detection Algorithm
The system tracks request spikes by:
- 15-Minute Intervals: Analyzing traffic in 15-minute windows for granular monitoring
- Daily Averages: Using historical data to establish baseline traffic patterns
- Percentage Increases: Determining how much current traffic exceeds normal levels
- Threat Flagging: Automatically categorizing threat levels based on traffic increases
Threat Level Classification
DDoS threats are categorized into three levels based on traffic increase percentages:
- Low Threat (80-150% increase): Moderate traffic spike that could be legitimate increased usage or a small-scale attack. Monitor closely and investigate if sustained.
- Medium Threat (150-350% increase): Significant traffic spike likely indicating coordinated activity. Implement rate limiting and investigate source IPs.
- High Threat (350%+ increase): Severe traffic spike strongly suggesting a DDoS attack. Immediate action required - activate DDoS mitigation measures.
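The following sketch shows how the steps above fit together: bucketing requests into 15-minute windows, comparing each window to a baseline, and mapping the percentage increase to a threat level. It is an added example, not Treblle's implementation. The function names, the baseline definition (historical daily average spread evenly over 96 windows), the boundary handling, and the sample traffic are all assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)
WINDOWS_PER_DAY = 96
# Percentage floors from the page. Assumption: a value on a shared boundary
# (150 or 350) is assigned to the higher level.
LEVELS = [(350.0, "high"), (150.0, "medium"), (80.0, "low")]

def bucket(ts):
    """Floor a timestamp to the start of its 15-minute window."""
    return ts.replace(minute=ts.minute - ts.minute % 15, second=0, microsecond=0)

def baseline_per_window(history, days):
    """Assumed baseline: daily average request count spread over 96 windows."""
    return len(history) / (days * WINDOWS_PER_DAY)

def percent_increase(current, baseline):
    if baseline <= 0:  # no history: any traffic is an unbounded increase
        return float("inf") if current else 0.0
    return (current - baseline) / baseline * 100.0

def classify(pct):
    return next((name for floor, name in LEVELS if pct >= floor), "none")

def scan(history, days, recent):
    """Return (window_start, count, pct_increase, level) for flagged windows."""
    base = baseline_per_window(history, days)
    flagged = []
    for start, count in sorted(Counter(bucket(t) for t in recent).items()):
        pct = percent_increase(count, base)
        if classify(pct) != "none":
            flagged.append((start, count, round(pct, 1), classify(pct)))
    return flagged

def constructed_traffic(start, per_window, windows=1):
    """Constructed sample data: evenly spaced requests in each window."""
    step = WINDOW / per_window
    return [start + w * WINDOW + i * step
            for w in range(windows) for i in range(per_window)]

DAY0 = datetime(2024, 1, 1)  # constructed dates
HISTORY = constructed_traffic(DAY0, 100, 7 * WINDOWS_PER_DAY)  # 7 steady days
RECENT = [t for k, n in enumerate([100, 190, 300, 520])  # four windows on day 8
          for t in constructed_traffic(DAY0 + timedelta(days=7) + k * WINDOW, n)]

if __name__ == "__main__":
    for row in scan(HISTORY, 7, RECENT):
        print(row)
```

A flat per-window baseline flags ordinary daily peaks as spikes; a per-time-of-day baseline would reduce that, at the cost of needing more history.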
Accessing DDoS Monitoring
Enable DDoS Monitoring Widget
- Navigate to API Dashboard: Go to your individual API dashboard for the API you want to monitor.
- Open Customize Dashboard: Click the Customize Dashboard button (four squares icon) on the right side of the dashboard. In the customize menu, find and enable the “Denial of Service” widget.
- Save Changes: Click Save Changes to add the DDoS monitoring widget to your dashboard.
Understanding the DDoS Widget
The Denial of Service widget displays:
- Current Threat Level: Visual indicator of the current DDoS threat status
- Traffic Comparison: Real-time comparison of current vs. average traffic
- Percentage Increase: Exact percentage of traffic increase
- Time-Based Graph: Historical view of traffic patterns and spikes
Preventive Measures
Tip: Implement multiple layers of protection to effectively defend against DDoS attacks.
To protect against DDoS attacks:
Integration with Other Security Features
DDoS detection works alongside other Treblle security features:
- Identify malicious IP sources and block potential threats
- Analyze request patterns and origins for suspicious activity
- API Security Checks: Comprehensive security auditing for all requests
Note: By leveraging Treblle’s DDoS detection capabilities, you can quickly identify and respond to potential attacks, maintaining the availability and performance of your APIs even under malicious traffic conditions.