Ant Colony Optimization for DDoS Defense Published at AsiaCCS 2020

15th ACM Asia Conference On Computer and Communications Security

Distributed denial-of-service (DDoS) attacks can paralyze machines on the Internet with traffic flood and is a serious security concern of Internet users.  A new work from Ph.D. student Devkishen SisodiaProf. Jun Li  and Prof. Lei Jiao  entitled "In-Network Filtering of Distributed Denial-of-Service Traffic with Near-Optimal Rule Selection,” was recently published and presented at the 15th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2020).  

In this work, the researchers tackle the complex problem of filtering distributed denial-of-service (DDoS) traffic across the Internet during large-scale DDoS attacks. They introduced a new operational model for in-network DDoS defense, called the offer-based model, that is more suitable for the real-world. In order to apply this model to DDoS defense, they address the NP-hard problem at the center of this model: how does one determine the best sets of filtering rules to deploy on the Internet so that the attack can be successfully mitigated? 

Based on the Ant Colony Optimization (ACO) framework, the team developed an algorithm to find a near-optimal solution to this problem.  To the best knowledge of the authors, this is the first time the classical ACO framework has been adapted and applied to the domain of in-network DDoS defense.

More information about this project can be found at

This work is partially funded by the Science and Technology Directorate of the United States Department of Homeland Security under contract number D15PC00204.