Application-Layer DDoS attacks are the emerging threat aiming to take down critical applications In every On-Line Business



Evidence on application-layer DDoS attacks is mainly discovered indirectly from customer complaints or operation-based monitoring of SLA statistics.


While volumetric (network) DDoS attacks are currently blocked automatically at the network gate based on statistical characteristics, application DDoS attacks are usually stopped manually. Thus, over 50% of companies report using 6+ people to mitigate application-layer DDoS attacks.


As web traffic is becoming mainly encrypted, over 50% of the total application DDoS attacks are being reported as encrypted, and at a growing rate. Encrypted DDoS attacks tunnel through all defense layers and explode upon reaching the web applications and API systems.

"Advanced" application-level DDoS attack mitigation requires new, updated techniques

Properties"Classical" Application-Level DDoS Attacks "Advanced" Application-Level DDoS Attacks
Attack Targets ("signatures")
Known Signatures Infrastructure Vulnerabilities • Server vulnerabilities (Apache, etc.) • Platform vulnerabilities (WordPress, etc.)
Unknown Signatures Specific Applications Functionality • Heavy processing based controllers (Search, etc.) • Upload / download of media files
Target Protocols
HTTPS > 50%
Attack Dynamic
Simple Traffic Dynamic • Simple flood attack • Mostly "flat" amplitude • Up to hours of attack
Stochastic Traffic Dynamic • Low, normal or flood attack rates • Randomized amplitude • Persistence, may last up to weeks/months
Classical Botnets • Re-usage of known botnets IP's • Same IP's Along the Entire Attack Duration
Ad-Hock Botnets • Cloud services, Tor, IoT and Ad networks IP's • Fast Rotating IP's Mechanisms
Attack Complexity
Simple Attack Scenarios • Simple GET / POST commands • Monotonic repeat of the same requests • Synthetic traffic behavior • Monotonic flood
Sophisticated Attack Scenarios • Randomized GET / POST commands • Randomized requests firing • Mimicking human traffic behavior • Hit & Run
Attack Technologies
Simple tools • Simple flood scripts • Primitive simulators (LOIC, etc.) • Simple botnets C&C
Sophisticated Tools • Automatic testing platforms (Phantom, etc.) • Sophisticated scripts and Ad technologies • Sophisticated botnets C&C

the Ammune™ platform

Immune Model + Machine Learning = Automated, Real-Time DDoS Mitigation

Ammune™ is an always on virtual shield adapting itself automatically to application changes while protecting continuously from unseen application DDoS threats

  • Detect in seconds application-layer DDoS attacks from their initiation
  • Capture fast track attacks such as “Hit & Run” techniques
  • Detection sensitivity not limited by attack amplitude, overall traffic volumes or attack length 
  • Isolate in seconds the exact attacking vectors
  • Generate on-the-spot signatures optimized for the discovered attacking vectors
  • Identification ability not limited by the number of vectors attacking simultaneously 
  • Signatures are fed to a reverse proxy system in real-time and used to mitigate bad requests
  • Mitigation can be conducted by L7 Defense Ammune or other systems with unique APIs



Dr. Doron Chema (Ph.D.) - CEO

20+ years of R&D, Product & Architecture Management Doron is an experienced Hi-Tech manager and entrepreneur. He has over a decade of experience leading sophisticated products development in diverse verticals with direct business outcomes. He has extensive experience in leading teams and structuring flexible work processes while achieving fast results. Doron holds a PhD in Bio-Informatics from the University of Tel Aviv.


Mr. Yisrael Gross - CMO

Sales & Marketing Director for High Tech Companies Yisrael is an experienced Business Development Manager with almost a decade of leading various Business Development and Sales efforts in the Hi-Tech industry. In addition, he manages the "Israel Cyber Group" community, which has more than 150 cyber entrepreneurs and experts. Yisrael is a MBA graduate of Hebrew University majoring in Finance and Marketing.


Mr. Mark Ginzburg - Head of Algorithms

X-Officer in the IDF Intelligence Unit Specialist in Algorithms Mark is an experienced algorithm Group Leader. He has more than 10 years of leading various sophisticated technological solutions in field of Cyber security, including cryptography and secure communications. Mark is a graduate of an IDF Elite R&D Technological Unit in the C4I corps and Technion's excellence program. Mark holds a M.Sc in computer science from the Technion Institute.

Our Partners

Contact Us



     Ha-Energia 77 St.
     Be’er Sheva, Israel


     1 Avenue de la Gare
     Luxembourg, Luxembourg