Sorry for the late answer. I somehow missed your email earlier.
As a mitigation method, all the offending tasks involved in the attack are killed. Or in other words, all the tasks that share the same statistics (statistics showing a fast crash rate) are killed.
So systemd will just restart the network daemon and then the attack works again?
Or if it's a interactive login you log in again.
I think it might be useful even with these limitations, but it would be good to spell out the limitations of the method more clearly.
I suspect to be useful it'll likely need some user space configuration changes too.
-Andi