Optimal filter assignment policy against transit-link distributed denial-of-service attack

Rajorshi Biswas, Jie Wu, Wei Chang, Pouya Ostovari

Research output: Contribution to journalConference articlepeer-review

4 Scopus citations


A transit-link distributed denial-of- service (DDoS) attack is a special attack in which the attacker sends out a huge number of requests to exhaust the capacity of a link on the path the traffic comes to a server. As a result, denial-of- service and degradation of Quality-of-Service (QoS) occurs. Because the attack traffic does not go to the victim, protecting the legitimate traffic alone is hard for the victim. With the help of a special type of router called filter router (FR), the victim can protect the legitimate traffic. A FR can receive filter from servers and apply the filter to block a link incident to it. By analyzing traffic rates and paths, the victim can identify some links that may be congested. The victim needs to select some of these possible congested links and send a filter to the corresponding FR so that the legitimate traffic follows non-congested paths. In this paper, we formulate an optimization problem for selecting the minimum number of possible congested links so that the legitimate traffic goes through a non-congested path. We consider the scenario where every user has at least one non- congested shortest path. We transform the problem to the vertex separation problem to find the links to block. We build our own Java multi-threaded simulator and conduct extensive simulations.

Original languageEnglish (US)
Article number9013985
JournalProceedings - IEEE Global Communications Conference, GLOBECOM
StatePublished - 2019
Event2019 IEEE Global Communications Conference, GLOBECOM 2019 - Waikoloa, United States
Duration: Dec 9 2019Dec 13 2019

All Science Journal Classification (ASJC) codes

  • Artificial Intelligence
  • Computer Networks and Communications
  • Hardware and Architecture
  • Signal Processing

Cite this