Optimal Filter Assignment Policy Against Distributed Denial-of-Service Attack

Research output: Contribution to journalArticlepeer-review

4 Scopus citations


A distributed denial-of-service (DDoS) attack is a cyber-attack in which attackers from different locations send out many requests to exhaust the capacity of a server. Current DDoS attack protection services filter out the DDoS attack packets in the middle of the path from the attacker to the servers. Some of the DDoS protection systems filter them out at the victim server. As a result, unnecessary attack traffic congests the network and wastes bandwidth. This can be minimized if we block them as early as possible. In this paper, we propose a DDoS attack protection system by using the filter router. The victim needs to wisely select and send filters to a subset of filter routers to minimize attack traffic and blockage of legitimate users (LUs). Many filters can easily minimize the attack traffic and blockage of LUs, but it is costly to the victim. So, we formulate two problems with different settings for selecting filter routers given a constraint on the number of filters. We propose dynamic programming solutions for both problems. Both problems consider the blockage of all attack traffic before it reaches the victim. We conduct extensive simulation to support our solutions.

Original languageEnglish (US)
Pages (from-to)339-352
Number of pages14
JournalIEEE Transactions on Dependable and Secure Computing
Issue number1
StatePublished - 2022

All Science Journal Classification (ASJC) codes

  • General Computer Science
  • Electrical and Electronic Engineering


Dive into the research topics of 'Optimal Filter Assignment Policy Against Distributed Denial-of-Service Attack'. Together they form a unique fingerprint.

Cite this