MITIGATION OF DDOS ATTACKS ON WEB APPLICATIONS USING ADAPTIVE RATE-LIMITING AND ALGORITHMIC FILTERING TECHNIQUES
Ключевые слова:
DDoS attacks, web application security, adaptive rate-limiting, algorithmic filtering, machine learning, traffic analysis, heuristic detection, real time mitigation, cybersecurity, application-layer defense.Аннотация
This paper presents a hybrid approach for mitigating
Distributed Denial of Service (DDoS) attacks on web applications through the
integration of adaptive rate-limiting and algorithmic filtering techniques. The
adaptive rate-limiting module dynamically adjusts request thresholds based on
real-time traffic behavior, while the algorithmic filtering component utilizes
heuristic rules and machine learning classifiers to detect and block malicious
traffic. Experimental results show that this combined method significantly
improves attack detection rates, reduces false positives, and maintains optimal
server performance under stress. The proposed framework provides a scalable,
intelligent, and effective defense strategy against modern application-layer DDoS
attacks.
Библиографические ссылки
1.
Mirkovic J., Reiher P. A taxonomy of DDoS attack and DDoS defense
mechanisms // ACM SIGCOMM Computer Communication Review. – 2004. – Vol.
34, No. 2. – P. 39–53.
2.
Douligeris C., Mitrokotsa A. DDoS attacks and defense mechanisms:
classification and state-of-the-art // Computer Networks. – 2004. – Vol. 44, No. 5. – P.
643–666.
3.
Wang H., Jin C., Shin K.G. Defense against spoofed IP traffic using hop-count
filtering // IEEE/ACM Transactions on Networking. – 2007. – Vol. 15, No. 1. – P. 40
53.
4.
Zargar S.T., Joshi J., Tipper D. A survey of defense mechanisms against
distributed denial of service (DDoS) flooding attacks // IEEE Communications Surveys
& Tutorials. – 2013. – Vol. 15, No. 4. – P. 2046–2069.
5.
Yu S., Zhou W., Doss R., Jia W. Traceback of DDoS attacks using entropy
variations // IEEE Transactions on Parallel and Distributed Systems. – 2011. – Vol. 22,
No. 3. – P. 412–425.
6.
Peng T., Leckie C., Ramamohanarao K. Survey of network-based defense
mechanisms countering the DoS and DDoS problems // ACM Computing Surveys. –
2007. – Vol. 39, No. 1. – Article 3.
7.
Cloudflare. What is rate limiting? – [Elektron resurs]. – Rejim kirish:
https://www.cloudflare.com/learning/ddos/rate-limiting/ (murojaat qilingan sana:
12.06.2025).8.
OWASP Foundation. DDoS Attack Prevention Cheat Sheet – [Elektron resurs]. – Rejim kirish: https://cheatsheetseries.owasp.org/ (murojaat qilingan sana:
12.06.2025).
9.
Hussain A., Heidemann J., Papadopoulos C. A framework for classifying denial
of service attacks // Proceedings of the 2003 conference on Applications, technologies,
architectures, and protocols for computer communications. – ACM, 2003. – P. 99–110.
10.
Mirkovic J., Prier G., Reiher P. Attacking DDoS at the source // IEEE Transactions on
Software Engineering. – 2002. – Vol. 30, No. 9. – P. 761–772.
