One of the hardest challenges in cybersecurity is the detection and prevention of
cyber attacks. Distributed Denial of Service (DDoS) attacks and port scanning
are very common attacks on the internet. In this paper, a lightweight statistical
approach for DDoS and port scan detection is presented, in addition to preventive and
corrective countermeasures. The proposed solution is designed to be applied at the
Internet Service Provider (ISP) level. Based on aggregated NetFlow statistics, the
proposed solution relies on the Z-score and covariance measures to detect DDoS
traffic and scan traffic as a deviation from normal traffic. The implementation
results show a high detection rate (up to 100%) for a 30-second time slot for DDoS
and a 60-second time slot for port scans.
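
The following sketch illustrates how a Z-score and a covariance measure can flag deviations in per-slot NetFlow aggregates. It is an added example, not the paper's implementation: the flow counts are constructed, and the threshold of 3, the rolling window of 10 slots, and the pairing of flow count with distinct destination ports are assumptions made for illustration.

```python
from statistics import mean, stdev

# Constructed baseline: flows per 30-second slot toward one destination prefix.
BASELINE_FLOWS = [980, 1010, 1005, 995, 1020, 990, 1000, 1015, 985, 1000]


def z_score(value, history):
    """Z-score of one slot's aggregate relative to slots considered normal."""
    mu, sigma = mean(history), stdev(history)
    if sigma == 0:
        # A perfectly flat baseline: any change is an unbounded deviation.
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sigma


def covariance(xs, ys):
    """Sample covariance of two equally long per-slot series."""
    if len(xs) != len(ys) or len(xs) < 2:
        raise ValueError("need two series of equal length >= 2")
    mx, my = mean(xs), mean(ys)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / (len(xs) - 1)


def detect(slots, baseline, threshold=3.0, window=10):
    """Return indices of slots whose flow count deviates from the baseline.

    Only slots judged normal are added to the rolling baseline, so an
    ongoing flood cannot raise the mean and mask itself.
    """
    history = list(baseline)[-window:]
    alerts = []
    for i, flows in enumerate(slots):
        if abs(z_score(flows, history)) > threshold:
            alerts.append(i)
        else:
            history = (history + [flows])[-window:]
    return alerts


# Constructed observation: slots 2 and 3 carry a volumetric spike.
OBSERVED_FLOWS = [1005, 990, 4800, 5100, 1010]

# Constructed per-slot series for a single source: during a scan each new
# flow tends to hit a new port, so the two series move together.
SRC_FLOWS = [10, 20, 30, 40]
SCAN_DST_PORTS = [10, 20, 30, 40]
NORMAL_DST_PORTS = [2, 3, 2, 3]

if __name__ == "__main__":
    print("alert slots:", detect(OBSERVED_FLOWS, BASELINE_FLOWS))
    print("cov (scan):", covariance(SRC_FLOWS, SCAN_DST_PORTS))
    print("cov (normal):", covariance(SRC_FLOWS, NORMAL_DST_PORTS))
```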