Real time calibration of DDoS blocking rules for Web Servers

Protecting web servers from Distributed Denial of Service (DDoS) attacks in real time is a critical challenge for any security system. Several methods have been proposed to differentiate attack traffic from normal human traffic and flash traffic but the usual result is to punish both the attack traffic and at least the legitimate (and possibly profitable) flash traffic. This research has developed a novel, adaptive, real-time scoring algorithm to provide a dynamic and effective detection mechanism for a web server. A very occasional "Are You a Human" (AYAH) page is used to calibrate detections rules which are then applied to the rest of the traffic. The real-time scoring system is implemented on an Apache web server and uses shared memory to interact with a daemon to stop, slow, or allow a user request.