Filtering Undesirable Flows in Networks

  • Gleb Polevoy
  • Stojan Trajanovski
  • Paola Grosso
  • Cees de Laat
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10627)


We study the problem of fully mitigating the effects of denial of service by filtering the minimum necessary set of the undesirable flows. First, we model this problem and then we concentrate on a subproblem where every good flow has a bottleneck. We prove that unless \(\text {P}= \text {NP}\), this subproblem is inapproximable within a factor of \(2^{\log ^{1 - 1/\log \log ^c (n)}(n)}\), for \(n = \left| E \right| + \left| GF \right| \) and any \(c < 0.5\). We provide a \(b (k + 1)\)-factor polynomial approximation, where \(k\) bounds the number of desirable flows that a desirable flow intersects, and \(b\) bounds the number of undesirable flows that can intersect a desirable one at a given edge. Our algorithm uses the local ratio technique.


Keywords: Flow, Filter, MMSA, Set cover, Approximation, Local ratio algorithm



This research is funded by the Dutch Science Foundation project SARNET (grant no: CYBSEC.14.003/618.001.016).



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Gleb Polevoy (1)
  • Stojan Trajanovski (1, 2)
  • Paola Grosso (1)
  • Cees de Laat (1)
  1. University of Amsterdam, Amsterdam, the Netherlands
  2. Philips Research, Eindhoven, the Netherlands
