Skip to Main Content
How to effectively resist DoS/DDoS (Distributed Denial of Service) attacks is one of the primary issues for Internet security. This paper studies non-invasive types of DoS/DDoS attacks, which attacks against servers via protocol-compliant and legitimate application-layer requests. Attackers use some special service requests, which require high processing complexity, to overwhelm the servers' resources. This paper presents an effective defense system namely DAT: Defense system Against Tilt DDoS attacks. Through analyzing each client's features, such instant traffic volume, session behavior, and so on. DAT schedules requests and decides whether to activate the defense mechanisms or not. The DAT is capable of effectively suppressing DoS/DDoS attacks, so that the protected server cluster is able to operate normally even under attacking. Simulation results show that DAT concentrates to serve legitimate users instead of wasting resources on malicious users.