Skip to main content Skip to main navigation

Project | NetShield


Prevention of DDoS Attacks

Distributed Denial-of-Service (DDoS) attacks are one of the most threatening assaults on the Internet today. Servers are flooded with a tremendous number of nonsense requests from thousands of clients in order to cause a server overload or even crash. Usually, a single attacker controls a powerful (bot) network of Trojan horse infected PCs and let them attack a web service simultaneously without the knowledge of the PC owner. DDoS attacks seriously harm e-businesses such as web shops, online auctions, online banking or simply cause an image loss of a company.

The fact, that the requests origin from computers all over the world and might even look like legitimate request messages makes it very hard to filter them or firewall them in a classical way.

Nevertheless, the requests are machine generated and not initiated by a human. Our new approach to detect and prevent DDoS attacks claims now to detect anomaly patterns which are a result of these machine generated packets. Therefore, we use pattern recognition methods to determine and filter the non-legitimate packets based on multiple parameters, such as routing information, origin networks, coherences on document structures and many others.

We aim to build an intelligent system which is able to defend against new DDoS attack methods and tools automatically without adjusting any filter rules.

Publications about the project

  1. Server-side Prediction of Source IP Addresses using Density Estimation

    Markus Goldstein; Matthias Reif; Armin Stahl; Thomas Breuel

    In: Availability, Reliability and Security, 2009. ARES 09. Fourth International Conference on. International Conference on Availability, Reliability and Security (ARES-2009), ARES - The International Dependability Conference, March 16-19, Fukuoka, Japan, Pages 82-89, ISBN 978-0-7695-3564-7, IEEE Computer Society Press, 3/2009.


Deutsche Telekom Laboratories