Resilience to Flash Crowds and DDoS Attacks
1. Treat sophisticated flash crowd-like DDoS as the same as Flash Crowds in detection and remediation
2. Protect the carrier network and the cross traffic as well as the web server
Mechanisms for Detection
Predict the response traffic throughput according to the request rate based on the statistical distribution of requested object sizes in normal situation. As during flash crowds, the distribution still follows power-law distribution.
The disproportion of the predicted throughput and the observed one is used as an indicator for detecting the ill-effect of flash crowds.
Mechanisms for Remediation
1. Dropping extra requests that cannot be served by the server or contained by the network
2. Push the extra requests back to the network edge, and drop there
3. Multi-route the large web response traffic to minimize the impact on the cross traffic