How do you identify and mitigate a distributed denial-of-service (DDoS) attack targeting public-facing web applications?