Traffic analysis and attack detection

Attack detection



To detect the attack, we use the netflow sent by the routers and analysed by our detection solutions. Each router sends a summary of 1/2000 of traffic in real time. Our solution analyses this summary and compares it to the attack signatures. If the comparison is positive, the mitigation is set up in a matter of seconds.

The signatures analysed are based on the traffic thresholds in "packets per second" (Pps, Kpps, Mpps, Gpps) or "bytes per second" (Bps, Kbps, Mbps, Gbps) on a certain packet type such as:


  • DNS
  • ICMP
  • IP Fragment
  • IP NULL
  • IP Private
  • TCP NULL
  • TCP RST
  • TCP SYN
  • TCP ACK
  • UDP
  • ...

Depending on the attack type and size, the mitigation setup can take between 5 and 120 seconds.