MITIGATION OF DDOS ATTACKS ON WEB APPLICATIONS USING ADAPTIVE RATE-LIMITING AND ALGORITHMIC FILTERING TECHNIQUES
Keywords:
DDoS attacks, web application security, adaptive rate-limiting, algorithmic filtering, machine learning, traffic analysis, heuristic detection, real-time mitigation, cybersecurity, application-layer defense.
Abstract
This paper presents a hybrid approach for mitigating Distributed Denial of Service (DDoS) attacks on web applications through the integration of adaptive rate-limiting and algorithmic filtering techniques. The adaptive rate-limiting module dynamically adjusts request thresholds based on real-time traffic behavior, while the algorithmic filtering component utilizes heuristic rules and machine learning classifiers to detect and block malicious traffic. Experimental results show that this combined method significantly improves attack detection rates, reduces false positives, and maintains optimal server performance under stress. The proposed framework provides a scalable, intelligent, and effective defense strategy against modern application-layer DDoS attacks.
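As an added illustration of a rate limit whose threshold follows observed traffic (this is not the paper's implementation), the sketch below learns a per-client baseline per window and derives the limit from it. The class name, the window length, and the `alpha`, `burst`, `floor` and `ceiling` parameters are assumptions, and the traffic in `simulate()` is constructed.

```python
from statistics import median

class AdaptiveRateLimiter:
    """Per-client limit that tracks a learned baseline (assumed design)."""

    def __init__(self, window=1.0, alpha=0.3, burst=2.0, floor=5, ceiling=50):
        self.window, self.alpha, self.burst = window, alpha, burst
        self.floor, self.ceiling = floor, ceiling
        self.limit = ceiling      # permissive until a baseline is learned
        self.baseline = None      # EWMA of the median requests per client per window
        self.counts = {}          # client -> requests in the current window
        self.window_start = None

    def _roll(self, now):
        """Close every finished window and recompute the limit."""
        if self.window_start is None:
            self.window_start = now
        while now - self.window_start >= self.window:
            # Learn only from clients that stayed within the limit, and use
            # the median, so a flood cannot pull the threshold upward.
            ok = [n for n in self.counts.values() if n <= self.limit]
            if ok:
                m = median(ok)
                if self.baseline is None:
                    self.baseline = m
                else:
                    self.baseline += self.alpha * (m - self.baseline)
                wanted = round(self.burst * self.baseline)
                self.limit = min(self.ceiling, max(self.floor, wanted))
            self.counts = {}
            self.window_start += self.window

    def allow(self, client, now):
        """Return True if the request from `client` at time `now` is admitted."""
        self._roll(now)
        self.counts[client] = self.counts.get(client, 0) + 1
        return self.counts[client] <= self.limit

def simulate():
    """Constructed traffic: five steady clients, then one flooding client."""
    rl, dropped_normal = AdaptiveRateLimiter(), 0
    for sec in range(11):                      # second 10 also carries the flood
        for c in range(5):
            for i in range(4):
                dropped_normal += not rl.allow(f"user{c}", sec + i * 0.1)
    bot_admitted = sum(rl.allow("bot", 10.5 + j * 0.004) for j in range(100))
    rl.allow("user0", 11.0)                    # closes the attack window
    return rl.limit, bot_admitted, dropped_normal
```

The hard `ceiling` matters because any threshold learned from traffic can be nudged upward by clients that stay just under it; the cap bounds how far that drift can go.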