DDoS attacks have for the last two decades been among the greatest threats facing the internet infrastructure. Mitigating DDoS attacks is a particularly challenging task. It is known that ordinary signature based detection techniques are inefficient in undermining DDoS attacks as this type of attacks has the ability to mask itself among legitimate traffic. In this thesis, we present an paradigm for countering DDoS attacks at the targeted victim by using elements from data mining and machine learning. Two novel methods that focus on identifying hidden data structures in historical traffic are proposed, to differentiate legitimate traffic from abnormal traffic. In the first method, we resort to data mining techniques to find association rules which are able to describe the part of traffic that has higher likelihood of re-occurring. As a data structure for storing those data driven rules, we employ a binary tree structure. The second method builds on previously uncharted areas within mitigation techniques, where clustering techniques are used to create geographical clusters. In order to summarize the clustering information for real-life traffic filtering scenarios, we use the concept of bloom filters. The results show that these mitigation approaches improve the ability to separate between unknown abnormalities in the dataset and the legitimate traffic structure. Our proposed DDoS filtering schemes are able to mitigate 99\% of the botnet traffic and thus countering significantly the magnitude of those attacks.