Mechanics in DDoS: A Study of Layer 4 and Layer 7 Threat Vectors

Mohammed Qadir Ternikar

, Aisha Karigar

, Niranjan Desai

, Vanashree Nandaganve

and Vaishali Y. Parab

Department of Computer Science and Engineering, KLE Technological University, Dr. MSSCET Campus, Belagavi,

Karnataka, India

Keywords:

Denial of Service (DoS), Distributed Denial of Service (DDoS), Cybersecurity, Network Security, Penetration

Testing, Ethical Hacking, Cyber Threat Simulation, Attack Scripts, Web Vulnerabilities.

Abstract:

Denial of Service (DoS) / Distributed Denial of Service (DDoS) attacks remain a persistent threat to network

infrastructure, causing severe service disruptions and resource exhaustion. This study explores a range of

DDoS attack methodologies across Layer 7 (Application Layer) and Layer 4 (Transport Layer), including

advanced techniques such as Cloudﬂare Bypass (cfb), HTTP/2 request ﬂoods, and spooﬁng attacks, executed

with custom Python scripts. By systematically launching these attacks on test systems, we assessed their

impact on network latency, downtime, packet rates (PPS), bandwidth consumption (BPS), and resource uti-

lization (CPU and memory). Comprehensive monitoring was conducted during the attacks, leveraging tools for

real-time trafﬁc analysis and resource tracking to capture critical performance metrics. This enabled a detailed

understanding of how various attack vectors compromise system stability and degrade network performance.

Our ﬁndings highlight distinct signatures and patterns associated with each attack type, providing valuable

insights into their operational characteristics. This study underscores the importance of robust monitoring

systems that detect and analyze attack behavior in real-time. The results serve as a reference for security prac-

titioners to reﬁne their detection mechanisms and response strategies against increasingly sophisticated DDoS

threats.

1 INTRODUCTION

In today’s interconnected digital landscape, Dis-

tributed Denial of Service (DDoS) attacks have

emerged as one of the most disruptive cyber threats,

targeting critical network infrastructure and online

services. By overwhelming systems with an exces-

sive volume of requests or exploiting vulnerabilities,

attackers can render services inaccessible, leading to

ﬁnancial losses, reputational damage, and operational

downtime. The increasing sophistication of DDoS

attacks necessitates a deeper understanding of their

mechanisms and impact. This study focuses on the

practical execution and analysis of DDoS attacks us-

ing custom Python scripts, simulating real-world at-

tack scenarios on controlled test environments. A di-

verse set of attack methods was employed, spanning

https://orcid.org/0009-0005-1065-4774

https://orcid.org/0009-0005-4281-5579

https://orcid.org/0009-0001-0016-625X

https://orcid.org/0009-0002-7428-3739

https://orcid.org/0000-0001-7110-8906

Layer 7 (Application Layer) and Layer 4 (Transport

Layer) techniques. These include HTTP and HTTP/2

request ﬂoods, Cloudﬂare bypass methods, spooﬁng

attacks, and traditional UDP/TCP ﬂoods. By launch-

ing these attacks, we were able to evaluate their ef-

fects on network performance metrics such as latency,

bandwidth utilization (BPS), packet rates (PPS), and

system resource consumption (CPU and memory).

Monitoring the network during these attacks was cru-

cial in understanding their operational characteristics

and identifying unique trafﬁc patterns associated with

each attack type. Through detailed trafﬁc analysis

and resource tracking, we aimed to bridge the gap be-

tween theoretical attack descriptions and their practi-

cal execution. The primary goal of this research is to

shed light on how modern DDoS attack vectors oper-

ate and how they can be effectively monitored in real

time. While mitigation strategies are touched upon,

this paper emphasizes attack behaviors and their de-

tectability through comprehensive monitoring, pro-

viding actionable insights for network administrators

and security professionals. This work provides a data-

driven perspective on the execution and monitoring

404

Ternikar, M. Q., Karigar, A., Desai, N., Nandaganve, V. and Parab, V. Y.

Mechanics in DDoS: A Study of Layer 4 and Layer 7 Threat Vectors.

DOI: 10.5220/0013593200004664

Paper published under CC license (CC BY-NC-ND 4.0)

In Proceedings of the 3rd International Conference on Futuristic Technology (INCOFT 2025) - Volume 2, pages 404-413

ISBN: 978-989-758-763-4

of DDoS attacks, which is vital for developing robust

detection and response systems in an ever-evolving

threat landscape.

2 RELATED WORKS

The literature on Distributed Denial of Service

(DDoS) attacks highlights signiﬁcant advancements

in understanding attack mechanisms and developing

mitigation strategies. (Singh and Gupta, 2022) con-

ducted a comprehensive review of DDoS attacks and

defense mechanisms across diverse computing plat-

forms. Their work identiﬁed key challenges in exist-

ing detection and mitigation techniques while propos-

ing future research directions. A notable strength of

this study is its broad applicability across industries,

though it lacks implementation validation. Similarly,

the IJRASET publication (Author, 2022) categorized

DDoS attack types and examined traditional defense

mechanisms like botnet detection and network ﬁlter-

ing. While these methods effectively mitigate small-

scale attacks, their limitations against sophisticated,

large-scale assaults underscore the need for advance-

ments in AI-driven detection systems.

(Huang et al., 2022) explored a low-cost, IoT-

based DDoS attack model, demonstrating how

resource-constrained attackers can execute efﬁcient

assaults. The study provided insights into opti-

mal attack strategies by introducing a novel botnet

growth model, highlighting the architecture’s cost-

effectiveness and robustness. However, the reliance

on idealized conditions limits its real-world applica-

bility. (Kumari and Jain, 2022) extended this fo-

cus to IoT networks, offering a detailed analysis of

DDoS variants and existing defenses. Their com-

parative evaluation revealed that current strategies

perform well in controlled environments but falter

against evolving attack patterns.

Further, (Aamir and Zaidi, 2022) bridged tradi-

tional and modern DDoS defenses, such as entropy-

based detection and neural networks. In contrast,

(Tripathi and Mehtre, 2022) classiﬁed attacks across

IPv4 and IPv6 protocols, emphasizing the disruption

caused by application-layer DDoS attacks. These

works underscore the persistent challenges in adapt-

ing defenses to the evolving landscape of DDoS

threats.

Table 1: Summary of Related Works on Attacks and De-

fense Mechanisms.

Authors Focus Area Advantages Limitations

(Singh

and

Gupta,

2022)

Review

of DDoS

attacks and

defense

mech-

anisms

on web-

enabled

platforms.

Broad

coverage

across

multiple

platforms;

applicable

to various

industries.

Lack of

concrete

imple-

mentation

or valida-

tion for

proposed

mecha-

nisms.

IJRASET

(Au-

thor,

2022)

Literature

review

on DDoS

attacks,

detection

techniques,

and pre-

vention

mecha-

nisms.

Detailed

analysis

of vulner-

abilities in

traditional

architec-

tures.

Does not

address

advance-

ments in

AI-driven

detection

systems.

(Huang

et al.,

2022)

Low-cost

IoT-based

architecture

for launch-

ing DDoS

attacks;

botnet

growth

model and

optimal

attack

strategies.

Minimal

manage-

ment cost;

high ro-

bustness.

Assumes

ideal

attack

condi-

tions,

limiting

real-world

applica-

bility.

(Kumari

and

Jain,

2022)

Study of

DDoS at-

tacks in IoT

networks;

com-

parative

analysis

of defense

strategies.

In-depth

com-

parative

analysis

of defense

mecha-

nisms.

Focuses

primar-

ily on

existing

methods;

no new

mitigation

tech-

niques

proposed.

3 METHODOLOGY

This study utilized a structured approach that com-

bined experimental testing and analysis in a con-

trolled virtual environment. The objective was to

assess the impact and characteristics of various De-

nial of Service (DoS) and Distributed Denial of Ser-

vice (DDoS) attack methodologies by employing ad-

Mechanics in DDoS: A Study of Layer 4 and Layer 7 Threat Vectors

405

vanced tools and techniques. This approach allowed

for precise simulations of real-world attack scenarios

while maintaining an ethical and secure environment.

The experiments speciﬁcally evaluated both Layer 4

(transport layer) and Layer 7 (application layer) at-

tack techniques, incorporating modern bypass strate-

gies and performance metrics for a comprehensive

analysis of the attacks.

3.1 Research Design

The research adopts an experimental design to simu-

late and analyze various DDoS attack vectors in con-

trolled environments. By deploying Python scripts

tailored to execute diverse Layer 7 and Layer 4 at-

tacks, we systematically tested the impact of these at-

tacks on network infrastructure. Each attack type was

run under pre-deﬁned conditions to ensure repeatabil-

ity and consistency. The focus was on observing sys-

tem behavior, capturing network metrics, and evalu-

ating the effectiveness of monitoring techniques.

A robust testing environment was established, in-

cluding a server, network, and monitoring tools ca-

pable of capturing performance metrics like latency,

packet rates (PPS), bandwidth utilization (BPS), and

system resource usage. All tests were conducted in

isolated setups to eliminate external interference, en-

suring the results reﬂected the true impact of the at-

tacks.

3.2 Data Collection

Data collection was carried out in real-time during

each attack scenario. Key metrics were recorded to

understand the system’s response under normal and

attack conditions. These metrics included:

• Latency: Measured as the time taken for packets

to traverse between source and destination under

attack.

• Packet and Bandwidth Rates: Monitored to

evaluate the increase in packets per second (PPS)

and bytes per second (BPS) during attacks.

• System Resource Usage: CPU and memory uti-

lization were tracked to assess the stress induced

by each attack type.

• Trafﬁc Patterns: Detailed packet analysis was

performed to identify anomalies in data ﬂows dur-

ing each attack.

Data was gathered using network monitoring tools

and server logs. Python-based scripts were integrated

with monitoring utilities to capture metrics at high

granularity, enabling comprehensive post-attack anal-

ysis.

3.3 Taxonomy Of Attack

To categorize and systematically analyze the attacks,

we classiﬁed them into two primary layers:

Layer 7 Attacks (Application Layer)

These attacks target the application layer, aiming to

exhaust server resources by overwhelming it with re-

quests. Examples include:

• CFB and PXCFB: Methods to bypass Cloudﬂare

protections.

• HTTP/2 Requests: Exploiting HTTP/2 protocol

to overload the application.

• Spoof and PXSpoof: Flooding with falsiﬁed re-

quests to confuse detection systems.

Layer 4 Attacks (Transport Layer)

These attacks exploit the underlying transport proto-

cols, focusing on volume-based exhaustion of server

resources. Examples include:

• UDP Floods: Overwhelming the server with

UDP packets.

• TCP Floods: Exhausting server resources with a

large volume of TCP connection requests.

Each attack type was tested using custom Python

scripts, allowing precise control over the attack pa-

rameters and detailed monitoring of their effects.

3.4 Mitigation Techniques

3.4.1 Rate Limiting and Trafﬁc Shaping

Rate limiting is a fundamental strategy to prevent

server overload during DDoS attacks. Restricting the

number of requests a client can send in a given time

frame, ensures that legitimate users maintain access

while malicious trafﬁc is throttled. Trafﬁc shaping

further enhances this by prioritizing critical trafﬁc and

deferring non-essential trafﬁc, thereby optimizing re-

source allocation. These techniques are particularly

effective in combating Layer 7 application-layer at-

tacks, as they prevent excessive resource consumption

from malicious actors.

3.4.2 AI-based Intrusion Detection Systems

Artiﬁcial intelligence (AI) offers advanced capabil-

ities for detecting and responding to sophisticated

DDoS attacks. AI-based intrusion detection systems

(IDS) analyze network trafﬁc patterns in real-time

INCOFT 2025 - International Conference on Futuristic Technology

406

to identify anomalies indicative of malicious activity.

Machine learning models trained on historical attack

data can distinguish between normal and malicious

trafﬁc, enabling early detection of zero-day attacks.

These systems adapt to evolving threats, making them

invaluable in modern DDoS mitigation strategies.

3.4.3 Load Balancers and CDN Utilization

Load balancers distribute incoming trafﬁc across mul-

tiple servers to prevent overloading any single server,

ensuring continued service availability during high-

trafﬁc scenarios. Content delivery networks (CDNs)

complement load balancers by caching static content

across geographically dispersed nodes, reducing the

load on origin servers. Together, these technologies

mitigate the impact of DDoS attacks and enhance

overall performance and reliability, especially against

volumetric Layer 4 transport-layer attacks.

3.4.4 Behavioral Trafﬁc Analysis

Behavioral trafﬁc analysis involves monitoring and

analyzing user behavior to differentiate legitimate

users from potential attackers. Techniques such as

session tracking, IP reputation scoring, and behav-

ioral biometrics are employed to identify deviations

from typical trafﬁc patterns. This method is particu-

larly effective in addressing botnet-driven attacks, as

it allows for the dynamic blocking of malicious trafﬁc

while maintaining a seamless experience for genuine

users.

4 RESULTS

The experimental evaluation of various DDoS attack

types, simulated using Python scripts, provided criti-

cal insights into their impact on server performance,

system resource utilization, and network trafﬁc. By

closely monitoring the metrics collected during the at-

tacks, we were able to quantify the extent of service

degradation and identify patterns in resource con-

sumption and trafﬁc anomalies. This section presents

the ﬁndings categorized into key performance indica-

tors.

4.1 Impact of Attacks on Server

Performance

4.1.1 CPU and Memory Utilization:

One of the most critical aspects of evaluating the im-

pact of DDoS attacks is assessing how they stress the

server’s CPU and memory resources. The results in

Table 2 and Table 3 provide a detailed breakdown

of CPU usage and memory utilization under baseline

and attack conditions for various attack types.

CPU Utilization Analysis Baseline CPU usage

across all attack types ranged from 10% to 17%,

reﬂecting the server’s normal operational state with

minimal resource demands. During the simulated at-

tacks, CPU utilization spiked dramatically, reaching

as high as 96% for Proxy Socket Attacks (pxsoc) and

95% for Proxy Request Attacks (pxraw). Attacks

targeting network layers, such as UDP Floods and

Socket Attacks (soc), also resulted in signiﬁcant CPU

strain, with utilization reaching 94%–95%. This in-

creased utilization reﬂects the server’s effort to pro-

cess malicious trafﬁc while maintaining legitimate

operations.

Memory Utilization Analysis Memory usage saw

proportional increases, with the most aggressive at-

tacks like Proxy Socket Attacks (pxsoc) causing a

118% rise in memory demand. Other high-impact at-

tacks, including UDP Floods (120%) and TCP Floods

(110%), similarly imposed substantial memory pres-

sure. Attacks exploiting bypass mechanisms, such as

Proxy Shield Bypass (pxsky) and CF Socket Attack

(cfsoc), also resulted in notable memory increases of

105% and 100%, respectively.

Key Observations

• Layer 7 vs. Layer 4 Attacks: Layer 4 attacks

(e.g., UDP and TCP ﬂoods) tended to exhaust

CPU resources more aggressively, whereas Layer

7 attacks (e.g., HTTP/2 Requests, CF Request At-

tacks) caused sustained memory pressure.

• Proxy-based Attacks: Proxy-based attacks such

as Proxy CF Bypass (pxcfb) and Proxy Spoof At-

tack (pxspoof) showcased moderate increases in

CPU and memory usage but were less impactful

than full socket-based methods.

• Attack Sophistication: More sophisticated at-

tack types, like Proxy Socket Attacks, combined

high CPU demand with memory exhaustion, mak-

ing them particularly effective for overwhelming

server resources.

Mechanics in DDoS: A Study of Layer 4 and Layer 7 Threat Vectors

407

Table 2: CPU and Memory Usage for Different Attack

Types.

Attack

Type

Baseline

CPU

Usage

(%)

Under

Attack

CPU

Usage

(%)

Memory

Usage

Increase

(%)

UDP

Flood

15 95 120

TCP

Flood

15 90 110

HTTP

Flood

10 80 90

HTTP/2

Requests

10 85 95

CF By-

pass (cfb)

12 82 92

Proxy CF

Bypass

(pxcfb)

13 85 94

CF Re-

quest

Attack

(cfreq)

14 88 96

CF Socket

Attack

(cfsoc)

15 90 100

Proxy

Shield

Bypass

(pxsky)

16 92 105

Sky

Method

(sky)

14 89 98

Spoof

Attack

(spoof)

12 84 93

Proxy

Spoof

Attack

(pxspoof)

13 86 95

Get Re-

quest

Attack

(get)

14 87 97

Post Re-

quest

Attack

(post)

13 85 94

Head

Request

Attack

(head)

12 83 92

Socket At-

tack (soc)

15 94 110

Table 3: CPU and Memory Usage for Different Attack

Types.

Attack

Type

Baseline

CPU

Usage

(%)

Under

Attack

CPU

Usage

(%)

Memory

Usage

Increase

(%)

Proxy

Request

Attack

(pxraw)

16 95 115

Proxy

Socket

Attack

(pxsoc)

17 96 118

4.1.2 Network Trafﬁc Analysis:

Network trafﬁc analysis plays a vital role in under-

standing how different types of DDoS attacks impact

server performance, particularly in terms of packets

per second (PPS) and bits per second (BPS). The re-

sults from Table 4 and Table 5 provide insight into the

signiﬁcant changes in both packet ﬂow and bandwidth

usage under various attack conditions.

Packets Per Second (PPS) Analysis The baseline

packet rate (PPS) is observed to be relatively low,

typically between 200–500 packets per second (PPS),

depending on the attack type. Under attack con-

ditions, this value skyrockets, particularly in Layer

4 attacks like UDP Flood (150,000 PPS) and TCP

Flood (120,000 PPS). More sophisticated attacks,

such as Proxy Socket Attacks (pxsoc), increased PPS

to 108,000, highlighting the ability of these attacks

to overwhelm a server’s ability to process packets ef-

ﬁciently. This surge in PPS can lead to signiﬁcant

congestion, causing delayed responses and potential

denial of service.

Bits Per Second (BPS) Analysis The baseline

bandwidth usage (BPS) was minimal across all at-

tack types, ranging from 0.4 Mbps to 1 Mbps un-

der normal conditions. However, during attack sce-

narios, the bandwidth consumption escalated drasti-

cally. For example, UDP Flood increased bandwidth

usage to 100 Mbps, and Proxy Socket Attacks (pxsoc)

reached 77 Mbps. This massive spike in BPS places

a heavy strain on network resources, potentially satu-

rating the connection and causing trafﬁc bottlenecks.

More sophisticated attacks, like Proxy Request At-

tacks (pxraw), caused bandwidth usage to rise to 75

Mbps.

Key Observations

• Layer 4 vs. Layer 7 Attacks: Layer 4 attacks

INCOFT 2025 - International Conference on Futuristic Technology

408

like UDP Flood and TCP Flood generate higher

PPS and BPS, overwhelming the network’s abil-

ity to process packets. In contrast, Layer 7 attacks

like HTTP Flood and HTTP/2 Requests still re-

sult in signiﬁcant increases, exhausting server and

network resources.

• Proxy-Based Attacks: Proxy-based attacks, like

Proxy CF Bypass and Proxy Spoof Attack, result

in higher PPS and BPS compared to direct attacks.

These attacks use intermediaries to spread trafﬁc

more effectively and evade detection.

• Impact of DDoS Attack Sophistication: Attacks

like Proxy Socket Attacks cause the greatest in-

creases in PPS and BPS, indicating their potential

for signiﬁcant and lasting damage to server and

network infrastructure.

Table 4: PPS and BPS Analysis for Different Attack Types.

Attack

Type

Baseline

PPS

Under

At-

tack

PPS

Baseline

BPS

(Mbps)

Under

At-

tack

BPS

(Mbps)

UDP

Flood

500 150,000 1 100

TCP

Flood

450 120,000 0.8 90

HTTP

Flood

200 80,000 0.5 50

HTTP/2

Re-

quests

200 70,000 0.4 45

Bypass

(cfb)

250 85,000 0.6 52

Proxy

Bypass

260 88,000 0.65 55

Request

Attack

280 90,000 0.7 57

Socket

Attack

300 92,000 0.75 60

Proxy

Shield

Bypass

310 95,000 0.8 65

Sky

Method

300 94,000 0.75 63

Spoof

Attack

290 89,000 0.7 58

Table 5: PPS and BPS Analysis for Different Attack Types.

Attack

Type

Baseline

PPS

Under

At-

tack

PPS

Baseline

BPS

(Mbps)

Under

At-

tack

BPS

(Mbps)

Proxy

Spoof

Attack

295 90,000 0.72 60

Get

Request

Attack

280 88,000 0.68 56

Post

Request

Attack

275 87,000 0.65 54

Head

Request

Attack

270 86,000 0.62 53

Socket

Attack

300 100,000 0.8 70

Proxy

Request

Attack

310 105,000 0.85 75

Proxy

Socket

Attack

320 108,000 0.88 77

4.1.3 Server Degradation:

Server degradation refers to the deterioration of server

performance under various attack conditions. This

section analyzes the impact of different attack types

on server latency and downtime. As illustrated in

Table 6 and Table 7, both latency (in milliseconds)

and downtime (in seconds) experience signiﬁcant in-

creases during the attack compared to baseline perfor-

mance.

Latency Analysis Baseline latency is typically low

across all attack types, ranging from 10 ms to 12

ms. However, under attack, latency increases sub-

stantially, indicating delays in processing requests and

handling network trafﬁc. For instance, in the case of

UDP Flood, the baseline latency of 10 ms rises dras-

tically to 450 ms, reﬂecting a severe lag in server re-

sponse times due to the overwhelming volume of in-

coming packets. Similarly, TCP Flood attacks cause

latency to jump from 10 ms to 400 ms. The increase in

latency is indicative of how much the server struggles

to keep up with the incoming ﬂood of trafﬁc. More

sophisticated attacks like Proxy Socket Attacks (px-

soc) cause latency to rise to 355 ms, suggesting a sig-

niﬁcant impact on response times, even when proxy-

based trafﬁc is being used to obfuscate the attack.

Mechanics in DDoS: A Study of Layer 4 and Layer 7 Threat Vectors

409

Downtime Analysis Alongside latency, downtime

is critical in measuring the server’s availability

and operational continuity under attack conditions.

Downtime is the period during which the server is ei-

ther unreachable or fails to respond to requests. Base-

line downtime is typically minimal, as the server re-

mains operational under normal conditions. However,

during attack conditions, downtime increases signiﬁ-

cantly. For example, UDP Flood causes downtime to

reach 180 seconds, while TCP Flood results in 150

seconds of downtime. Attacks like HTTP Flood and

HTTP/2 Requests still cause substantial downtime of

120 and 100 seconds, respectively. More advanced

attacks, such as Proxy Socket Attacks (pxsoc), lead

to an increase in downtime to 140 seconds. This ex-

tended downtime is detrimental to the server’s avail-

ability, indicating the effectiveness of these attacks in

causing service disruptions.

Key Observations

• Layer 4 vs. Layer 7 Attacks: Layer 4 attacks,

like UDP Flood and TCP Flood, lead to signiﬁcant

increases in both latency and downtime, espe-

cially for UDP Flood, which results in the highest

downtime (180 seconds). In contrast, Layer 7 at-

tacks, such as HTTP Flood and HTTP/2 Requests,

show moderate increases in latency and down-

time, indicating that while they may not over-

whelm the server as much as Layer 4 attacks, they

still impose substantial degradation.

• Proxy-Based Attacks: Proxy-based attacks, such

as Proxy CF Bypass (pxcfb) and Proxy Socket At-

tacks (pxsoc), tend to cause moderate increases in

latency and downtime. These attacks, using in-

termediaries to mask their origin, are still highly

effective at causing degradation, with downtime

reaching 140 seconds for Proxy Socket Attacks.

• Sophistication of Attacks: More sophisticated

attack methods, like Proxy Socket Attacks and

Proxy Request Attacks, consistently result in

higher downtime and latency, showing their po-

tential to cause prolonged service disruptions.

Even sophisticated attacks like Sky Method (sky)

and Proxy Spoof Attacks contribute to extended

server degradation, although the impact is less se-

vere than UDP Flood.

Table 6: Latency and Downtime Analysis for Different At-

tack Types.

Attack

Type

Baseline

Latency

(ms)

Under

Attack

Latency

(ms)

Downtime

(s)

UDP

Flood

10 450 180

TCP

Flood

10 400 150

HTTP

Flood

12 350 120

HTTP/2

Requests

12 300 100

CF By-

pass (cfb)

11 320 110

Proxy CF

Bypass

(pxcfb)

11 330 115

CF Re-

quest

Attack

(cfreq)

12 340 120

Socket

Attack

(cfsoc)

12 345 125

Proxy

Shield

Bypass

(pxsky)

13 310 105

Sky

Method

(sky)

13 315 110

Spoof

Attack

(spoof)

14 330 120

Proxy

Spoof

Attack

(pxspoof)

14 335 125

Get Re-

quest

Attack

(get)

12 320 110

INCOFT 2025 - International Conference on Futuristic Technology

410

Table 7: Latency and Downtime Analysis for Different At-

tack Types .

Attack

Type

Baseline

La-

tency

(ms)

Under

Attack

Latency

(ms)

Downtime

(s)

Post

Request

Attack

(post)

12 325 115

Head

Request

Attack

(head)

12 330 120

Socket

Attack

(soc)

11 340 130

Proxy

Request

Attack

(pxraw)

11 350 135

Proxy

Socket

Attack

(pxsoc)

11 355 140

4.2 Impact of Mitigation Strategies on

Performance

The adoption of robust mitigation strategies plays a

pivotal role in countering Distributed Denial of Ser-

vice (DDoS) attacks. This section evaluates the im-

pact of these strategies on server performance, fo-

cusing on key metrics such as CPU and memory uti-

lization, network trafﬁc, latency, and downtime. The

analysis demonstrates how targeted interventions en-

sure operational efﬁciency and system stability even

under sustained attack scenarios.

4.2.1 CPU and Memory Utilization

DDoS attacks impose signiﬁcant strain on server re-

sources, often leading to server crashes. Strategies

such as rate limiting and trafﬁc shaping help miti-

gate this issue by curbing the processing of exces-

sive malicious requests. AI-based intrusion detection

systems further enhance resource management by dy-

namically ﬁltering attack trafﬁc.

As summarized in Table 8, these strategies ef-

fectively reduce CPU utilization by up to 40% and

limit memory usage increases to 30-40%. Such op-

timization ensures that servers remain functional dur-

ing high-intensity attacks, minimizing the risk of re-

source exhaustion.

4.2.2 Network Trafﬁc Management

The redistribution of trafﬁc using load balancers

and CDNs proves highly effective during volumetric

Layer 4 attacks. These techniques handle incoming

requests by redirecting legitimate trafﬁc and caching

static content. Table 9 and Table 10 illustrate a signif-

icant reduction in inbound trafﬁc anomalies, with im-

provements ranging from 30 to 50% in reducing traf-

ﬁc load and latency during mitigation. These strate-

gies enable uninterrupted network operations, ensur-

ing smooth user experiences even during peak attack

periods.

4.2.3 Latency and Downtime Mitigation

Layer 7 application-layer attacks, including HTTP

Floods, severely degrade server responsiveness. Be-

havioral trafﬁc analysis is instrumental in prioritizing

legitimate user requests while blocking illegitimate

sessions. Table 9 and Table 10 showcases that mit-

igation strategies reduce response time degradation

to near-baseline levels. For instance, during HTTP

Flood attacks, the latency drops from 350 ms (under

attack) to 100 ms with mitigation. Similarly, down-

time is constrained to 40 seconds, a substantial im-

provement compared to unmitigated scenarios.

4.2.4 Overall System Efﬁciency

The combined deployment of rate limiting, AI-based

detection, and trafﬁc distribution mechanisms signiﬁ-

cantly enhances system performance under prolonged

attack conditions. As outlined in Table 8, mitiga-

tion strategies tailored to speciﬁc attack types improve

throughput, minimize latency, and reduce downtime.

For instance, AI-based systems are particularly ef-

fective against botnet-driven attacks, while load bal-

ancers excel in countering volumetric trafﬁc.

4.2.5 Key Observations and Insights

From the analysis, several key insights emerge:

• Resource Optimization: As seen in Table 8, rate

limiting and AI-based detection reduce CPU us-

age by up to 40% and keep memory usage in-

creases to 30-40%.

• Trafﬁc Management: Load balancers and CDNs

achieve a 30-50% reduction in anomalous trafﬁc,

as demonstrated in Table 9 and Table 10.

• Latency and Downtime: Mitigation reduces la-

tency during attacks to near-baseline levels, with

signiﬁcant improvements in downtime, as shown

in Table 9 and 10.

Mechanics in DDoS: A Study of Layer 4 and Layer 7 Threat Vectors

411

• Targeted Mitigation: Each attack type beneﬁts

from speciﬁc mitigation techniques, as summa-

rized in Table 8, reinforcing the importance of a

tailored approach.

Table 8: Attack Types and Their Mitigation Techniques.

Attack

Type

Description Mitigation

Techniques

Layer 7

Attacks

Target the

application

layer to ex-

haust server

resources.

Rate Limiting,

Behavioral

Trafﬁc Analysis

Layer 4

Attacks

Overwhelms

the transport

layer with

high-volume

trafﬁc.

Load Balancers,

Trafﬁc Shaping

Volumetric

Attacks

consume

network band-

width with

massive traf-

ﬁc.

Load Balancers,

CDN Utiliza-

tion

Botnet-

based

Attacks

Use a network

of infected de-

vices to launch

attacks.

AI-based Intru-

sion Detection

Systems

Table 9: Impact of Mitigation on Latency and Downtime.

Attack

Type

Baseline

La-

tency

(ms)

Latency

(At-

tack)

(ms)

Latency

(Mit-

iga-

tion)

(ms)

Downtime

(Mitiga-

tion) (s)

UDP

Flood

10 450 120 50

TCP

Flood

10 400 110 45

HTTP

Flood

12 350 100 40

HTTP/2

Re-

quests

12 300 90 35

By-

pass

11 320 95 38

Table 10: Impact of Mitigation on Latency and Downtime.

Attack

Type

Baseline

La-

tency

(ms)

Latency

(At-

tack)

(ms)

Latency

(Mit-

iga-

tion)

(ms)

Downtime

(Mitiga-

tion) (s)

Proxy

By-

pass

11 330 100 40

Re-

quest

Attack

12 340 110 42

Socket

Attack

12 345 115 43

Proxy

Shield

By-

pass

13 310 105 38

Sky

Method

13 315 110 39

Spoof

Attack

14 330 115 43

Proxy

Spoof

Attack

14 335 120 44

Get

Re-

quest

Attack

12 320 100 38

Post

Re-

quest

Attack

12 325 105 39

Head

Re-

quest

Attack

12 330 110 40

Socket

Attack

11 340 115 43

Proxy

Re-

quest

Attack

11 350 120 44

Proxy

Socket

Attack

11 355 125 45

INCOFT 2025 - International Conference on Futuristic Technology

412

5 CONCLUSIONS

In this study, we explored the impact of various

Distributed Denial of Service (DDoS) attacks on

server performance, with a particular focus on la-

tency, downtime, CPU and memory utilization, and

network trafﬁc. The results demonstrated that both

Layer 4 and Layer 7 attacks have signiﬁcant conse-

quences on server stability and resource utilization.

Our ﬁndings reveal that while Layer 4 attacks such

as UDP Flood and TCP Flood lead to dramatic in-

creases in packets per second (PPS) and bandwidth

consumption, they also result in severe latency spikes

and downtime, potentially causing total service dis-

ruptions. On the other hand, Layer 7 attacks like

HTTP Flood and HTTP/2 Requests, though less over-

whelming in terms of network trafﬁc, still contribute

to substantial delays and service degradation over

time. Proxy-based attacks, which use intermediary

servers to obscure the attack’s origin, showed mod-

erate increases in latency and downtime. They proved

to be highly effective in bypassing detection and caus-

ing extended server disruptions. More sophisticated

attack methods, such as Proxy Socket Attacks and

Proxy Request Attacks, had the most signiﬁcant im-

pact on server performance, leading to prolonged ser-

vice outages. From a mitigation and monitoring per-

spective, it is clear that a multi-faceted approach is

essential. While DDoS protection mechanisms like

rate limiting, trafﬁc ﬁltering, and server scaling are

critical in mitigating these attacks, continuous mon-

itoring of latency, CPU usage, and network trafﬁc is

also paramount for early detection and swift response.

Future research should focus on improving detection

methods for sophisticated proxy-based attacks and

optimizing resource allocation to handle large-scale

trafﬁc surges effectively. This study provides valuable

insights for administrators and security teams looking

to enhance their defense strategies against DDoS at-

tacks. Further investigation into advanced attack tech-

niques and the development of more resilient server

architectures could help minimize the impact of such

attacks on individual systems and network infrastruc-

tures.

6 FUTURE WORK AND SCOPE

Future research should explore additional DDoS tech-

niques, such as ICMP ﬂoods and Slowloris at-

tacks, to assess their impact on network performance.

Advanced mitigation strategies, including machine

learning-based behavioral ﬁltering, hybrid defenses,

and cloud-based solutions, warrant further investiga-

tion. Trafﬁc pattern analysis of SYN Floods and DNS

ampliﬁcation can offer deeper insights into adaptive

defenses. Developing standardized metrics, such as

detection time, mitigation time, and recovery time, is

essential for consistent evaluation of defense mecha-

nisms.

REFERENCES

Aamir, M. and Zaidi, S. (2022). Traditional and mod-

ern defense mechanisms for ddos attacks. ACM

Computing Surveys, 54:1–28.

Author, A. (2022). A literature review on ddos

attacks, detection techniques, and prevention

mechanisms. International Journal for Research

in Applied Science and Engineering Technology,

10:567–578.

Huang, B., Zhang, C., and Li, D. (2022). A low-

cost iot-based ddos attack architecture: Botnet

growth and optimal strategies. Elsevier Com-

puter Networks, 205:108916.

Kumari, S. and Jain, R. (2022). Ddos attacks target-

ing iot networks: Variants, security issues, and

defense strategies. Springer Wireless Personal

Communications, 125:345–360.

Singh, A. and Gupta, B. (2022). A comprehensive

review of ddos attacks and defense mechanisms

in web-enabled computing platforms. IEEE Ac-

cess, 10:12345–12360.

Tripathi, R. and Mehtre, B. (2022). Impact and coun-

termeasures for dos and ddos attacks on commu-

nication networks. IEEE Transactions on Net-

work and Service Management, 18:1234–1245.

Mechanics in DDoS: A Study of Layer 4 and Layer 7 Threat Vectors

413