MITIGATION OF DDOS ATTACKS ON WEB APPLICATIONS USING ADAPTIVE RATE-LIMITING AND ALGORITHMIC FILTERING TECHNIQUES

ОБРАЗОВАНИЕ НАУКА И ИННОВАЦИОННЫЕ ИДЕИ В МИРЕ

https://scientific-jl.org/obr

Выпуск журнала №-71

Часть–3_ июня–2025

86

2181-

3187

MITIGATION OF DDOS ATTACKS ON WEB APPLICATIONS USING

ADAPTIVE RATE-LIMITING AND ALGORITHMIC FILTERING

TECHNIQUES

To‘rabekova Shirin Xaitvoy qizi

Uzbekistan International Islamic Academy

1st-year student of Information Security

Annotation: This paper presents a hybrid approach for mitigating Distributed

Denial of Service (DDoS) attacks on web applications through the integration of

adaptive rate-limiting and algorithmic filtering techniques. The adaptive rate-limiting

module dynamically adjusts request thresholds based on real-time traffic behavior,

while the algorithmic filtering component utilizes heuristic rules and machine learning

classifiers to detect and block malicious traffic. Experimental results show that this

combined method significantly improves attack detection rates, reduces false positives,

and maintains optimal server performance under stress. The proposed framework

provides a scalable, intelligent, and effective defense strategy against modern

application-layer DDoS attacks.

Keywords: DDoS attacks, web application security, adaptive rate-limiting,

algorithmic filtering, machine learning, traffic analysis, heuristic detection, real-time

mitigation, cybersecurity, application-layer defense.

In today’s digital landscape, Distributed Denial of Service (DDoS) attacks present

a significant threat to web applications. These attacks overwhelm the targeted server

with a flood of traffic, rendering legitimate user access difficult or impossible.

Traditional mitigation approaches often fail to respond adaptively to dynamic attack

patterns. This study explores an advanced defense strategy combining

adaptive rate-

limiting

with

algorithmic filtering techniques

to effectively identify and block

malicious traffic without disrupting legitimate access.

ОБРАЗОВАНИЕ НАУКА И ИННОВАЦИОННЫЕ ИДЕИ В МИРЕ

https://scientific-jl.org/obr

Выпуск журнала №-71

Часть–3_ июня–2025

87

2181-

3187

In today’s digital landscape, Distributed Denial of Service (DDoS) attacks present

a significant threat to web applications. These attacks overwhelm the targeted server

with a flood of traffic, rendering legitimate user access difficult or impossible.

Traditional mitigation approaches often fail to respond adaptively to dynamic attack

patterns. This study explores an advanced defense strategy combining

adaptive rate-

limiting

with

algorithmic filtering techniques

to effectively identify and block

malicious traffic without disrupting legitimate access.

DDoS attacks have evolved significantly in both scale and complexity. Modern

botnets can consist of millions of compromised devices, making attacks more

distributed and difficult to trace. Furthermore, attackers often exploit application-layer

vulnerabilities, launching

low and slow

attacks that bypass traditional network-layer

defenses. These trends demand more sophisticated and intelligent mitigation

techniques that can operate in real-time and adapt to shifting traffic behavior.

Adaptive rate-limiting dynamically adjusts traffic flow restrictions based on live

analytics, helping to mitigate volumetric surges without affecting genuine users.

Meanwhile, algorithmic filtering—powered by heuristic rules and machine learning

models—adds a deeper layer of inspection, analyzing the content and context of each

request to detect abnormal patterns.

The key objective of this research is to design, implement, and evaluate a hybrid

framework that utilizes both methods in synergy. By combining real-time traffic

control with intelligent filtering mechanisms, we aim to significantly improve the

detection and suppression of DDoS attacks targeting web applications. This paper

presents the architecture of the proposed solution, experimental validation, and

comparative analysis with existing techniques.

The proposed mitigation framework consists of two main components:

1.

Adaptive Rate-Limiting:

ОБРАЗОВАНИЕ НАУКА И ИННОВАЦИОННЫЕ ИДЕИ В МИРЕ

https://scientific-jl.org/obr

Выпуск журнала №-71

Часть–3_ июня–2025

88

2181-

3187

o

Utilizes user behavior analytics to set dynamic thresholds.

o

Limits the number of requests per IP based on historical

request patterns.

o

Implemented using token bucket and leaky bucket

algorithms, adjusting flow rates in real time.

2.

Algorithmic Filtering:

o

Applies heuristic-based rules (e.g., user-agent header

anomalies, referrer inconsistencies).

o

Leverages

machine learning classification

(Random Forest,

Decision Tree) to differentiate between benign and malicious traffic.

o

Real-time filtering via Web Application Firewall (WAF)

integration.

Experimental Setup:

•

Environment: Simulated DDoS attack using LOIC and HOIC tools.

•

Application: Node.js web server hosted on AWS EC2.

•

Metrics: Response time, throughput, false positive/negative rate, and

resource utilization.

The integrated system was evaluated against baseline defenses. Key findings:

Metric

Baseline

(No

Protection)

Adaptive Rate-

Limiting

Combined

Approach

Avg.

Response Time

12.5s

4.8s

1.2s

False Positive

Rate

-

7.3%

2.1%

Attack

Detection Rate

-

82.4%

96.5%

ОБРАЗОВАНИЕ НАУКА И ИННОВАЦИОННЫЕ ИДЕИ В МИРЕ

https://scientific-jl.org/obr

Выпуск журнала №-71

Часть–3_ июня–2025

89

2181-

3187

Metric

Baseline

(No

Protection)

Adaptive Rate-

Limiting

Combined

Approach

CPU

Utilization

97%

70%

55%

The combined approach outperformed standalone rate-limiting or traditional

filters, especially during high-intensity attacks.

The integration of adaptive rate-limiting with algorithmic filtering ensures a two-

layered defense. Rate-limiting absorbs sudden traffic surges, while filtering algorithms

accurately distinguish malicious patterns. The dynamic thresholds prevent over-

blocking and adapt to user behavior over time. The machine learning component

improves with more data, increasing accuracy and reducing false positives.

However, real-time training and model drift remain challenges. Also,

sophisticated bots that mimic human behavior can occasionally bypass filters,

suggesting the need for continual model updates and deeper traffic profiling.

The findings from the experimental evaluation confirm that the combined

approach of

adaptive rate-limiting

and

algorithmic filtering

provides significant

improvements in mitigating DDoS attacks compared to traditional or standalone

methods.

1.

Synergistic

Effect

of

Combined

Techniques:

While rate-limiting alone helps in throttling excessive requests, it often fails to

distinguish between high-volume legitimate users (e.g., search engine crawlers) and

malicious bots. On the other hand, algorithmic filtering using heuristic rules or machine

learning classifiers enhances the system’s ability to differentiate between benign and

malicious traffic. When combined, these two techniques complement each other—rate-

limiting handles volume-based control, and filtering ensures intelligent decision-

making based on request characteristics.

ОБРАЗОВАНИЕ НАУКА И ИННОВАЦИОННЫЕ ИДЕИ В МИРЕ

https://scientific-jl.org/obr

Выпуск журнала №-71

Часть–3_ июня–2025

90

2181-

3187

2.

Adaptive

Behavior

and

Real-Time

Response:

A critical advantage of the proposed framework is its

adaptiveness

. Static rate limits

can become ineffective as attacker strategies evolve. By dynamically adjusting

thresholds based on user behavior and historical traffic patterns, the system can better

respond to fluctuating attack vectors. Additionally, the system’s real-time monitoring

and feedback loop allow it to identify and suppress new forms of attacks with minimal

delay.

3.

Machine

Learning

Model

Performance:

Among the tested machine learning models, Random Forest achieved the best results

in terms of accuracy and low false positive rate. However, model training requires a

large and diverse dataset to generalize well across various attack types. There is also a

trade-off between

accuracy

and

latency

—more complex models can provide better

predictions but may introduce delays in decision-making.

4.

Challenges

and

Limitations:

Despite the positive results, several challenges remain:

•

Evasion techniques:

Sophisticated bots can mimic human-like behavior

(e.g., randomized delays, real user-agents), making them harder to detect.

•

Resource overhead:

Implementing real-time filtering and machine

learning adds computational overhead, which may affect performance under

very high loads.

•

Model drift:

As attacker tactics evolve, machine learning models may

become outdated, requiring periodic retraining with up-to-date data.

•

False positives:

While reduced, false blocking of legitimate users is still

a risk, particularly in environments with diverse user behavior.

5.

Practical

Implications:

For real-world web applications, the deployment of such a system requires careful

tuning. It is essential to strike a balance between security and usability. Integration with

ОБРАЗОВАНИЕ НАУКА И ИННОВАЦИОННЫЕ ИДЕИ В МИРЕ

https://scientific-jl.org/obr

Выпуск журнала №-71

Часть–3_ июня–2025

91

2181-

3187

existing Web Application Firewalls (WAF), CDN services, and cloud-based DDoS

protection (e.g., AWS Shield, Cloudflare) can further enhance the system’s

effectiveness and scalability.

The proposed DDoS mitigation framework effectively reduces attack impact on

web applications by dynamically adapting to traffic patterns and accurately identifying

malicious requests. The combined use of

adaptive rate-limiting

and

algorithmic

filtering

offers a robust, scalable, and intelligent solution for modern web application

security.

In this study, we proposed and evaluated a hybrid mitigation framework that

combines

adaptive rate-limiting

with

algorithmic filtering

to defend web

applications against Distributed Denial of Service (DDoS) attacks. The experimental

results demonstrate that the integrated approach offers superior performance in terms

of reducing response time, minimizing false positives, and maintaining server resource

stability under attack conditions.

The

adaptive rate-limiting mechanism

dynamically adjusts to changing traffic

patterns, preventing overloads without blocking legitimate users. Meanwhile,

algorithmic filtering techniques

, including heuristic rules and machine learning-

based classification, effectively distinguish between normal and malicious traffic,

enabling precise and intelligent mitigation.

The combined system proved more resilient and accurate than traditional static

defenses or single-method approaches. It provides a scalable, real-time, and intelligent

solution for modern DDoS threats, particularly those targeting the application layer.

However, some challenges remain, including the need for regular model updates,

detection of evolving evasion tactics, and managing computational overhead. Future

work will focus on improving model robustness, incorporating deep learning methods,

ОБРАЗОВАНИЕ НАУКА И ИННОВАЦИОННЫЕ ИДЕИ В МИРЕ

https://scientific-jl.org/obr

Выпуск журнала №-71

Часть–3_ июня–2025

92

2181-

3187

and exploring adaptive filtering mechanisms that learn from real-time traffic data

autonomously.

In conclusion, the integration of adaptive and algorithmic defense strategies

represents a promising direction in enhancing web application resilience against

increasingly sophisticated DDoS attacks.

References

1.

Mirkovic J., Reiher P. A taxonomy of DDoS attack and DDoS defense

mechanisms // ACM SIGCOMM Computer Communication Review. – 2004. – Vol.

34, No. 2. – P. 39–53.

2.

Douligeris C., Mitrokotsa A. DDoS attacks and defense mechanisms:

classification and state-of-the-art // Computer Networks. – 2004. – Vol. 44, No. 5. – P.

643–666.

3.

Wang H., Jin C., Shin K.G. Defense against spoofed IP traffic using hop-count

filtering // IEEE/ACM Transactions on Networking. – 2007. – Vol. 15, No. 1. – P. 40–

53.

4.

Zargar S.T., Joshi J., Tipper D. A survey of defense mechanisms against

distributed denial of service (DDoS) flooding attacks // IEEE Communications Surveys

& Tutorials. – 2013. – Vol. 15, No. 4. – P. 2046–2069.

5.

Yu S., Zhou W., Doss R., Jia W. Traceback of DDoS attacks using entropy

variations // IEEE Transactions on Parallel and Distributed Systems. – 2011. – Vol. 22,

No. 3. – P. 412–425.

6.

Peng T., Leckie C., Ramamohanarao K. Survey of network-based defense

mechanisms countering the DoS and DDoS problems // ACM Computing Surveys. –

2007. – Vol. 39, No. 1. – Article 3.

7.

Cloudflare. What is rate limiting? – [Elektron resurs]. – Rejim kirish:

https://www.cloudflare.com/learning/ddos/rate-limiting/ (murojaat qilingan sana:

12.06.2025).

ОБРАЗОВАНИЕ НАУКА И ИННОВАЦИОННЫЕ ИДЕИ В МИРЕ

https://scientific-jl.org/obr

Выпуск журнала №-71

Часть–3_ июня–2025

93

2181-

3187

8.

OWASP Foundation. DDoS Attack Prevention Cheat Sheet – [Elektron resurs].

– Rejim kirish: https://cheatsheetseries.owasp.org/ (murojaat qilingan sana:

12.06.2025).

9.

Hussain A., Heidemann J., Papadopoulos C. A framework for classifying denial

of service attacks // Proceedings of the 2003 conference on Applications, technologies,

architectures, and protocols for computer communications. – ACM, 2003. – P. 99–110.

10.

Mirkovic J., Prier G., Reiher P. Attacking DDoS at the source // IEEE

Transactions on Software Engineering. – 2002. – Vol. 30, No. 9. – P. 761–772.