A denial of service (DoS) or distributed denial of service (DDoS) attack is an explicit attempt by an attacker or attackers to prevent or impair the legitimate use of a host computer, a router, a server, a network or the like. While such attacks can be launched from within a target network itself, the overwhelming majority of such attacks are launched from external systems and networks connected to the target via the Internet.
Traditional methods for detecting DoS attacks are typically based on monitoring incoming traffic and detecting the attack from an observed large increase in traffic, especially when a large portion of the traffic originates from a single IP address. In this case, mitigating the DoS attack includes filtering out the traffic associated with any IP addresses identified as malicious. However, this technique for mitigating a DoS attack may not be very effective in mitigating a DDoS attack. In a DDoS attack, incoming traffic may originate from a large number of attacking machines, each having a distinct IP address.
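The limitation described above can be seen in a short added example (not part of the original text) that applies the traditional volume-and-source-share check to two constructed traffic windows. The function names, the surge factor of 5, the 30% per-source share limit and all addresses are assumptions chosen for illustration.

```python
from collections import Counter
from ipaddress import IPv4Address

def analyze_window(src_ips, baseline_pkts, surge_factor=5.0, share_limit=0.30):
    """Traditional volume-based check for one time window.

    src_ips: source address of each packet seen in the window.
    Returns (surge_detected, sources_to_filter).
    Thresholds are illustrative assumptions, not values from the text.
    """
    total = len(src_ips)
    if total < surge_factor * baseline_pkts:
        return False, []
    counts = Counter(src_ips)
    # Only sources responsible for a large share of the window are filtered.
    offenders = sorted(ip for ip, n in counts.items() if n / total >= share_limit)
    return True, offenders

def residual_after_filter(src_ips, offenders):
    """Packets still reaching the target once the offenders are dropped."""
    blocked = set(offenders)
    return sum(1 for ip in src_ips if ip not in blocked)

def addrs(base, count):
    """Generate `count` consecutive addresses starting at `base`."""
    start = int(IPv4Address(base))
    return [str(IPv4Address(start + i)) for i in range(count)]

# Constructed sample traffic (not real data): 200 clients, 5 packets each.
BASELINE = 1000
LEGIT = [ip for ip in addrs("192.0.2.1", 200) for _ in range(5)]
# DoS: one source sends 9000 packets on top of normal traffic.
DOS_WINDOW = LEGIT + ["203.0.113.7"] * 9000
# DDoS: the same 9000 packets spread over 3000 sources, 3 packets each.
DDOS_WINDOW = LEGIT + [ip for ip in addrs("10.0.0.1", 3000) for _ in range(3)]

def run_demo():
    out = {}
    for name, window in (("dos", DOS_WINDOW), ("ddos", DDOS_WINDOW)):
        surge, offenders = analyze_window(window, BASELINE)
        out[name] = (surge, offenders, residual_after_filter(window, offenders))
    return out

if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

Both windows trip the volume surge, but only the single-source window yields an address to filter; in the distributed window every attacking source sends fewer packets than a legitimate client, so per-IP filtering removes nothing.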