Help Center/ Anti-DDoS Service/ User Guide/ Advanced Anti-DDoS User Guide/ Viewing Statistics
Updated on 2025-02-08 GMT+08:00
View PDF
Share

Viewing Statistics

After your services are connected to AAD, you can view the DDoS and CC attack protection reports to learn about the network security status of your services.

On the Dashboard page, you can view the following protection details:
  • DDoS Attack Protection

    You can view the security overview, traffic trend, protocol distribution, number of connections, attack distribution, security events, and blackhole events in a specified time range.

  • CC Attack Protection

    You can view the number of requests, number of attacks, bandwidth, attack distribution, attack sources, and attack events in a specified period.

Viewing DDoS Attack Protection Statistics

  1. Log in to the management console.
  2. Select a region in the upper part of the page, click in the upper left corner of the page, and choose Security & Compliance > Anti-DDoS Service. The Anti-DDoS Service Center page is displayed.
  3. In the navigation pane on the left, choose Advanced Anti-DDoS > Dashboard. The Dashboard page is displayed.
  4. Click the DDoS Attack Protection tab.
  5. Select an instance, line, and time range (last 24 hours, last 3 days, last 7 days, last 30 days, or a custom period). Table 1 describes the related parameters.

    Figure 1 DDoS attack protection
    Table 1 Parameter description

    Parameter

    Description

    Peak inbound bandwidth

    Maximum traffic accessing the specified IP address of a specified instance per second

    Peak inbound packet rate

    Maximum number of incoming packets per second

    Peak attack bandwidth

    Maximum traffic attacking the specified IP address of a specified instance per second The attack traffic refers to the attack traffic that triggers security events.

    Peak attack packet rate

    Maximum number of incoming attack packets per second

    Attacks

    Number of DDoS attacks launched on the specified IP address of a specified instance

    Traffic

    Proportions and distribution trends of inbound traffic, outbound traffic, and discarded traffic.

    Protocol distribution

    Proportions and distribution trend of protocols such as TCP, UDP, and ICMP in traffic.

    Concurrent connections

    Number of concurrent connections.

    New connections

    Number of new connections.

    Attack type distribution

    Types of attack events

    • You can click Attacks to see the type, count, and percentage of an attack.
    • You can click Attack traffic then click any colored section in the displayed circle to see the type, traffic, and traffic percentage of an attack.

    Top 5 attack types scrubbed (Kbit/s)

    Top 5 attack types that have been scrubbed

    DDoS attack events

    Details about DDoS attacks

    • Click Details next to the attack source IP address to view the complete attack source IP address list.
    • Click View Dynamic Blacklist to view the blacklisted IP addresses that are in attack.
    • Click Export to export the security event report.
    NOTE:

    Note the following points about the attack source field in the DDoS attack event report:

    • The attack sources of ongoing attacks may not be displayed.
    • Some attack events contain only some attack types. Their attack sources are not displayed.
    • Attack sources are sampled randomly. Not all attack source information is displayed.

    Blackhole events

    Blocked IP address, blocking status, blocking start time, and blocking end time.

    Click Export to export the blackhole event report.

    In the traffic or packet chart on the DDoS Attack Protection page, the display granularity varies according to the query interval. The details are as follows:

    • Query time < 20 minutes: The display granularity is 1 minute.
    • 20 minutes < Query time < 40 minutes: The display granularity is 2 minutes.
    • 40 minutes < Query time < 60 minutes: The display granularity is 3 minutes.
    • 1 hour < Query time ≤ 6 hours: The display granularity is 5 minutes.
    • 6 hours < Query time ≤ 24 hours: The display granularity is 10 minutes.
    • 1 day < Query time ≤ 7 days: The display granularity is 30 minutes.
    • 7 days < Query time ≤ 15 days: The display granularity is 1 hour.
    • 15 days < Query time ≤ 30 days: The display granularity is 14 hours.

Viewing CC Attack Protection Statistics

  1. Log in to the management console.
  2. Select a region in the upper part of the page, click in the upper left corner of the page, and choose Security & Compliance > Anti-DDoS Service. The Anti-DDoS Service Center page is displayed.
  3. In the navigation pane on the left, choose Advanced Anti-DDoS > Dashboard. The Dashboard page is displayed.
  4. Click the CC Attack Protection tab.
  5. Select a domain name and time range. For details about related parameters, see Table 2.

    Figure 2 CC Attack Protection
    Table 2 Parameter description

    Parameter

    Description

    Requests

    Total number of requests to a specified domain name

    If you select All domain names, the total number of requests to all domain names with WAF enabled is collected.

    Peak request rate

    Maximum number of requests to a specified domain name per second

    If you select All domain names, the maximum number of requests to all domain names with WAF enabled is collected per second.

    Attacks

    Number of attacks towards a specified domain name

    Attack sources

    Number of sources that attack a specified domain name

    Statistics

    Displays the request trend chart over time, detailing the total number of requests, total number of attacks, and the number of different types of attacks.

    QPS

    Queries Per Second (QPS) indicates the number of requests per second. For example, an HTTP GET request is also called a query.

    Average: average number of requests per second to a domain name.

    Peak value: maximum number of requests per second to a domain name.

    Bandwidth

    Average: average value of the outbound bandwidth and the inbound bandwidth.

    Peak: peak value of the outbound bandwidth and the inbound bandwidth.

    Response code
    • AAD Response: indicates the response code returned by AAD to the client and the number of responses.
    • Origin Server Response: indicates the response code returned by the origin server to AAD and the number of responses.

    Attack type distribution

    Numbers and proportions of different attacks.

    • You can click any colored area in the attack distribution circle under Attack Type Distribution to view the type, count, and proportion of an attack.
    • To stop displaying information about a specific type of attacks, click the legend with the same color to the right of the circle.

    Top 100 attack source IP addresses

    Top 100 attack source IP addresses.

    URL TOP 100

    Top 100 attacked URLs.

    Attack events

    For details about attack event parameters, see Table 3.

    Click Export to export the attack event report.
    Table 3 Attack event parameters

    Parameter

    Description

    Target

    Specifies an attacked domain name.

    Attacked URL

    Specifies the URL of the protected domain name, for example, /4b87ef.

    Attack Type

    Indicates the type of the attack, for example, frequency control.

    Time

    Time when the attack occurred.

    Protective Action

    Protective actions.

    • Block
    • Log only
    • Verification code

    Source IP

    Indicates the IP address of the attacker.

Parent Topic: Advanced Anti-DDoS User Guide