Method and system for mitigation of distributed denial of service attacks based on IP neighbourhood density estimation

摘要

The invention describes a method and system of protecting computer systems from attacks over a network to which the computer system is connected, the method comprising the steps of (a) establishing, during attack-free operation of the computer system, a database in the form of a source-IP-histogram storing all request received from all sender at the computer system; (b) calculating and storing a smoothed source-IP-histogram from the source-IP-histogram obtained in step a); (c) applying a probability threshold on the smoothed source-IP-histogram to differentiate between acceptable sender and sender to be rejected; (d) monitoring requests to the computer system; (e) accepting a new sender if its assumed probability value derived from the smoothed-IP-histogram exceeds the threshold.