In recent years, the Internet has become an inseparable part of human life, and many services have emerged on it. This rapid growth has created many security issues for users and organizations. For example, intruders sometimes attack computer networks and cause a great deal of damage. To prevent further consequences of these attacks, it is important to identify them as quickly as possible and take appropriate action to stop them. On the other hand, availability is one of the most important requirements for almost all organizations. To ensure this requirement is met, systems must be designed to prevent attacks that endanger it. To prevent these attacks, known as DDoS attacks, anti-DDoS systems have been developed. There are different ways to identify and prevent DDoS attacks, but each of them faces serious challenges. One approach that has attracted researchers and operators today is the hybrid anti-DDoS architecture. This new architecture is composed of two principal components: detection and mitigation. As a consequence of this architecture, packets can be examined at the protected organization while the attack is mitigated on high-speed links. In this thesis, a new design based on this architecture is presented in which input packets are labeled to separate malicious packets from normal ones. The proposed method can be easily deployed in the Internet infrastructure without any change to network equipment or protocols. This method readily resists various DDoS attacks, including different types of reflection attacks, and also eliminates unauthorized traffic with insignificant overhead. Moreover, to make better use of this architecture, a fast algorithm for membership query is presented. The proposed algorithm improves memory access in comparison to the best algorithms presented to date.
The results of this algorithm show that memory access has improved up to tenfold for network-related applications.

Keywords: DDoS defense, traffic filtering, multiset membership query, collaborative defense.