What metric is used to measure the magnitude of application layer attacks?

The measurement of application layer attacks is best represented by requests per second (rps). This metric quantifies the number of requests made to a web application or service within a specified time frame. Application layer attacks, such as Distributed Denial of Service (DDoS) attacks, typically target the application itself by overwhelming it with a high volume of legitimate-looking requests.

Using rps enables incident handlers and security professionals to assess the severity and impact of an attack on application performance, as it directly correlates to how well the application can handle incoming traffic. A sudden spike in rps can indicate an ongoing attack, prompting a need for defensive measures to ensure service availability.

In contrast, packets per second (pps) generally pertains to network-level metrics, focusing on the number of packets traversing the network rather than the specific requests made to an application. Bits per second (bps) is typically used for measuring bandwidth utilization and throughput rather than the application-layer activities, while cycles per second (cps) is more related to processor performance. Thus, rps is the most relevant metric in the context of evaluating application layer attack magnitudes.