A computer network is a collection of interconnected computing devices that exchange data and share resources. In a packet-based network, such as the Internet, the computing devices communicate data by dividing the data into small blocks called packets. The packets are individually routed across the network from a source device to a destination device. The destination device extracts the data from the packets and assembles the data into its original form. Dividing the data into packets enables the source device to resend only those individual packets that may be lost during transmission.
The Internet and other computer networks are prone to network attacks. One type of network attack that represents a threat to enterprises operating over the Internet is the Denial-of-Service (DoS) attack. A notable form of a DoS attack is the direction of an abundance of traffic to a targeted computing device by one or more malicious parties in an attempt to sabotage network operation of the targeted computing device. The attack traffic may be generated from a single source or simultaneously from multiple points on the network from machines that have been “hijacked” or subverted by the attacker. This form of a DoS attack is often referred to as a distributed DoS (DDoS) attack.
This abundance of traffic can cause one or more network services provided by the targeted computing device to be unavailable. In other words, the abundance of incoming traffic occupies computing resources of the targeted device, rendering the resources unavailable for legitimate traffic. In extreme cases, the targeted computing device may temporarily lose network connectivity and services.