A novel framework to detect and block DDoS attack at the application layer

Detection and prevention of DDoS is still an area of ongoing research. A carefully crafted DDoS attack can fool present methodologies and overwhelm a server; such attacks may be the next wave of cyber warfare and cyber crime. It can be shown that only application level methods are capable of differentiating legitimate flash traffic from DDoS. In this paper we explain why existing application layer methodologies cannot work and propose a novel set of algorithms that are capable of detecting and blocking DDoS attacks whilst allowing through legitimate user traffic, including flash traffic. The required functionality can be added to existing web servers with a minimum of interference with the application code, or implemented in a separate network device.