Filter Assignment Policy Against Distributed Denial-of-Service Attack

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations


A denial-of-service (DoS) attack is a cyber-attack in which the attacker sends out a huge number of requests to exhaust the capacity of a server, so that it can no longer serve incoming requests and DoS occurs. The most devastating distributed DoS attack is performed by malicious programs called bots. With the help of a special type of router called filter router, the victim can protect itself and reduce useless congestion in the network. A server can send out filters to filter routers for blocking attack traffic. The victim needs to select a subset of filter routers wisely to minimize attack traffic and blockage of legitimate users (LUs). In this paper, we formulate two problems for selecting filter routers given a constraint on the number of filters. The first problem considers the source-based filter and we provide greedy approximation solutions. The second problem considers the destination-based filter and how to minimize total amount of attack traffic and blocked LUs. We propose a dynamic programming solution for the second problem. We present simulation results comparing the proposed solutions with a naive approach. Our simulation results strengthen support for our solutions.

Original languageEnglish (US)
Title of host publicationProceedings - 2018 IEEE 24th International Conference on Parallel and Distributed Systems, ICPADS 2018
PublisherIEEE Computer Society
Number of pages8
ISBN (Electronic)9781538673089
StatePublished - Feb 19 2019
Event24th IEEE International Conference on Parallel and Distributed Systems, ICPADS 2018 - Singapore, Singapore
Duration: Dec 11 2018Dec 13 2018

Publication series

NameProceedings of the International Conference on Parallel and Distributed Systems - ICPADS
ISSN (Print)1521-9097


Conference24th IEEE International Conference on Parallel and Distributed Systems, ICPADS 2018

All Science Journal Classification (ASJC) codes

  • Hardware and Architecture

Cite this