Web application distributed denial-of-service attack (Web-app DDOS Attack) is a common dangerous attack that hackers use to attack the information systems of organizations. Web application is often hackers' target because this kind of application is an external interface of an organization to provide the organization's activities services. In addition, due to the emergence of weaknesses and security holes in applications and operating systems, hackers can easily create a large-scale botnet for more effective Web-app DDoS Attack. In fact, there have been many research projects related to the defense against this type of attack. However, DDOS attacks still cause serious damage to the systems of organizations due to the attack methods are increasingly sophisticated and constantly changing. In this study, we propose a method for Web-App DDoS Attack mitigation on the basis of analyzing the relationship among the requests sent to the Web application to find out the source IP address of malicious requests and to perform mitigation. Our method provides a set of criteria that allows to determine whether a source IP address is normal or malicious in a short period of time. The criteria also make it difficult for hackers change the attack methods to overcome the characteristics of the criteria.
