Abstract
In the scenarios of specific conditions and crises such as the coronavirus pandemic, the availability of e-learning ecosystem elements is further highlighted. The growing importance for securing such an ecosystem can be seen from DDoS (Distributed Denial of Service) attacks on e-learning components of the Croatian e-learning system. The negative impact of the conducted attack is visible in numerous users who were prevented from participating in and implementing the planned teaching process. Network anomalies such as conducted DDoS attacks were identified as one of the crucial threats to the e-learning systems. In this paper, an overview of the network anomaly phenomenon was given and botnets' role in generating DDoS attacks, especially IoT device impact. The paper analyzes the impact of the COVID-19 pandemic on the e-learning systems in Croatia. Based on the conclusions, a research methodology has been proposed to develop a cyber-threat detection model that considers the specifics of the application of e-learning systems in crisis, distinguishing flash crowd events from anomalies in the communication network. The proposed methodology includes establishing a theoretical basis on DDoS and flash crowd event traffic, defining a laboratory testbed setup for data acquisition, development of DDoS detection model, and testing the applicability of the developed model on the case study. The implementation of the proposed methodology can improve the quality of the teaching process through timely DDoS detection and it gives other socio-economic contributions such as developing a specific research domain, publicly available dataset of network traffic, and raising the cyber-security of the e-learning systems.