In this study, we propose a method for Web-App DDoS Attack mitigation on the basis of analyzing the relationship among the requests sent to the Web application to find out the source IP address of malicious requests and to perform mitigation. Our method provides a set of criteria that allows determining whether a source IP address is normal or malicious in a short period of time. The criteria also make it difficult for hackers to change the attack methods to overcome the characteristics of the criteria. |