Distributed denial-of-service (DDoS) attacks are undoubtedly destructive. Research shows that the average cost of a DDoS attack is over $2 million. By spamming network requests from thousands of Internet Protocol (IP) addresses, hackers can take down the targeted networks. While all DDoS attacks involve network requests from many different IP addresses, though, there are different types of DDoS attacks, such as application layer.

Application Layer DDoS Attacks Explained

Application layer DDoS attacks live up to their namesake by occurring on the application layer. They target processes that run on the application layer of the Open Systems Interconnection (OSI) model.

All DDoS attacks require multiple IP addresses — and application layer DDoS attacks are no exception. DDoS attacks are distinguished from distributed denial-of-service (DoS) attacks by their use of multiple IP addresses. DoS attacks involve a hacker sending network requests from a single IP address. DDoS attacks involve a hacker sending network requests from multiple IP addresses. Application layer DDoS attacks still involve multiple IP addresses, but they target processes on the application layer rather than the entire network.

How Application Layer DDoS Attacks Work

During an application layer DDoS attack, hackers will target processes on the application layer. Most application layer DDoS attacks target web servers. Web servers, of course, run on the application layer. They are applications that reside on the application layer of the OSI model. Hackers may target web server by spamming them with network requests during an application layer DDoS attack.

Applications like web servers often contain vulnerabilities. Hackers can exploit these vulnerabilities to conduct an application layer DDoS attack.

Examples of application layer DDoS attacks include the following:

  • Hypertext Transfer Protocol (HTTP) request flooding
  • Oversized payload post
  • Spoofed user web browser
  • Slow read
  • Slow post

CAPTCHAs to Prevent Application Layer DDoS Attacks

Many businesses use CATCHAs to protect their web servers from application layer DDoS attacks. Like other DDoS attacks, application layer DDoS attacks are typically performed with hijacked devices. Hackers will hijack users’ devices, which they’ll use as part of an application layer DDoS attacks.

The hijacked devices will then target web servers on the application layer. A CAPTCHA, however, will help to filter this malicious traffic. CAPTCHAS are dests that tell the difference between human users and bots. Hijacked devices are essentially bots, so they won’t e able to pass the CAPTCHAs. They will fail the CAPTCHAs, so their requests to access the web servers will be rejected.