A denial of service (DoS) attack attempts to render a server or other network resource unavailable for legitimate users. The DoS originates with a single attacking system and internet protocol (IP) address. A DDoS attack extends the principle to multiple attackers. Multiple systems, often compromised systems, target the network resource at a coordinated time. The attacks may include hundreds or thousands of compromised systems. A botnet, which may be built through the distribution of a Trojan horse, may be used to gain control of the compromised systems. The attacks may flood the targeted network resource with traffic or requests.
DDoS mitigation or protection services protect networks with traffic filters that detect the denial of service attacks. The protection services may distinguish between requests from legitimate human users from requests originating with bots or hijacked web browsers. The protection services may examine traffic based on addresses, headers or signatures, using machine learning techniques, for example, to identify malicious traffic. In order to inspect layer 7 traffic, the DDoS mitigation or protection services must have access to layer 7 information (e.g., public and private keys).