Computing service systems in computing service environments are often targets for malicious attacks conducted over a computing network. These malicious attacks can potentially cause a targeted computing service system to slow to a point that physical hosts included in the computing service system are unable to respond to legitimate network requests. For example, a DDoS (Distributed Denial of Service) attack may be a type of malicious attack that distributes a DoS (Denial of Service) program among several computing devices that in turn flood a computing service system with network packets (e.g., SYN (synchronization) packets) to initiate a network connection. The flood of network packets may cause network performance to slow resulting in system paralysis for the computing service system.
In the event of a malicious attack, computing service providers may have a difficult time identifying non-malicious network traffic from malicious network traffic. For example, a DDoS attack may involve multiple computing devices sending requests to perform some type of network action to a target computing service system. The IP (Internet Protocol) address for the computing devices may be changed in an attempt to make the request appear to originate from a legitimate or known client device, thereby making identification of the attacking computing devices problematic.