Stateful DDoS attacks and targeted filtering

Shigang Chen, Yong Tang, Wenliang Du

Research output: Contribution to journal, Article, peer-review

18 Scopus citations

Abstract

The goal of a distributed denial of service (DDoS) attack is to completely tie up certain resources so that legitimate users are not able to access a service. It has long been an open security problem of the Internet. In this paper, we identify a class of stateful DDoS attacks that defeat the existing cookie-based solutions. To counter these attacks, we propose a new defense mechanism, called targeted filtering, which establishes filters at a firewall and automatically converges the filters to the flooding sources while leaving the rest of the Internet unblocked. We prove the correctness of the proposed defense mechanism, evaluate its efficiency by analysis and simulations, and establish its worst-case performance bounds in response to stateful DDoS attacks. We have also implemented a Linux-based prototype with experimental results that demonstrate the effectiveness of targeted filtering.

Original language: English (US)
Pages (from-to): 823-840
Number of pages: 18
Journal: Journal of Network and Computer Applications
Volume: 30
Issue number: 3
State: Published - Aug 2007

Keywords

  • Distributed denial of service
  • Network security
  • Stateful attacks

ASJC Scopus subject areas

  • Hardware and Architecture
  • Computer Science Applications
  • Computer Networks and Communications
