Methodology proposal for proactive detection of network anomalies in e-learning system during the COVID-19 scenario

TL;DR

This paper proposes a methodology for developing a proactive detection model to identify DDoS attacks in e-learning systems during crises like COVID-19, aiming to ensure system availability.

Contribution

It introduces a novel methodology for creating a DDoS detection model tailored for e-learning environments in crisis scenarios.

Findings

Developed a model for proactive DDoS detection in e-learning systems.

Differentiates between legitimate traffic surges and malicious attacks.

Provides guidelines for maintaining e-learning system availability during crises.

Abstract

In specific conditions and crisis situations such as the pandemic of coronavirus (SARS-CoV-2), or the COVID-19 disease, e-learning systems be-came crucial for the smooth performing of teaching and other educational pro-cesses. In such scenarios, the availability of e-learning ecosystem elements is further highlighted. An indicator of the importance for securing the availability of such an ecosystem is evident from the DDoS (Distributed Denial of Service) attack on AAI@EduHr as a key authentication service for number of e-learning users in Republic of Croatia. In doing so, numerous users (teach-ers/students/administrators) were prevented from implementing and participat-ing in the planned teaching process. Given that DDoS as an anomaly of network traffic has been identified as one of the key threats to the e-learning ecosystem in crisis scenarios, this research will focus on overview of methodology for de-veloping a model for proactive detection of DDoS traffic. The challenge in de-tection is to effectively differentiate the increased traffic intensity and service requests caused by legitimate user activity (flash crowd) from the illegitimate traffic caused by a DDoS attack. The DDoS traffic detection model developed by following analyzed methodology would serve as a basis for providing further guidelines and recommendations in the form of response to events that may negatively affect the availability of e-learning ecosystem elements such as DDoS attack.