To defend against distributed denial of service (DDoS) attacks, one critical issue is to effectively isolate the attack traffic from the normal ones. A novel DDoS defense scheme based on TCP_IP Header Analysis and Proactive Tests (THAPT) is hereby proposed. Unlike most of the previous DDoS defense schemes that are passive in nature, the proposal uses proactive tests to identify and isolate the malicious traffic. Simulation results validate the effectiveness of our proposed scheme.
Z. Ye, W. Shi & D. Ye, "DDoS defense using TCP_IP header analysis and proactive tests," in International Conference on Information Technology and Computer Science, 2009. ITCS 2009, 2009, pp. 548-552.