A Study on the Benefits and Effectiveness of a Deep Analysis Model in Implementing Hands-on Exercises for DDoS Attack Detection and Prevention

Abstract

Nowadays, the increasing complexity and sophistication of Distributed Denial of Service (DDoS) attacks necessitate the development of advanced practical training systems. These systems are essential for students majoring in Network and Information System Security to gain hands-on experience in detecting, preventing, and thoroughly analyzing DDoS attacks. Traditional training environments are often limited in scope, lack scalability, and fail to incorporate comprehensive analytical tools. To address these shortcomings, this paper proposes a robust and scalable practical model that integrates the Zeek network monitoring platform, an ELK stack-based Security Information and Event Management (SIEM) system, and an attack simulation toolkit comprising Hping3, SlowHTTPTest, and custom Python-based botnet scripts. The system supports an intuitive Kibana-based interface that facilitates early detection and flexible response strategies. Experimental evaluations, including quantitative surveys and statistical analysis, demonstrate a significant improvement in students’ analytical and incident response capabilities when utilizing the proposed system compared to traditional models.