Sky Shield is a sketch-based defense system that uses sketches and bloom filters to detect and mitigate application layer DDoS attacks. It works by (1) calculating a sketch for each request that tracks attributes like source IP, packets sent, etc., (2) comparing sketches to detect divergence indicating abnormal behavior, (3) using bloom filters to label sources as legitimate or malicious based on a trust value, and (4) challenging sources labeled as malicious with CAPTCHAs. This approach aims to efficiently distinguish normal users from attackers in high traffic networks and stop servicing attack sources.