Abstract: In this paper, an adaptive router throttle algorithm is presented to defend a server against distributed denial-of-service (DDoS) attacks. The key point of the algorithm is that the server asks selected upstream routers k hops away to install throttles on traffic flows destined for it, so that the server's service capacity can be allocated among all flows with max-min-like fairness. The algorithm's effectiveness is evaluated using a realistic Internet topology and various models of attacker and good-user distributions and behaviors. The results indicate that this server-centric router throttling is a promising approach to countering DDoS attacks.
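The max-min-like allocation target described in the abstract, as an added example that is not the paper's algorithm: it computes in one pass the uniform throttle rate an idealized server would pick if it knew every router's offered rate, whereas the paper's scheme is adaptive. The function name, router ids, rates and capacity are constructed assumptions.

```python
def max_min_throttle(offered, capacity):
    """Return (throttle_rate, allocations) for a max-min fair split.

    offered  -- dict: router id -> rate it forwards toward the server
    capacity -- server service capacity, in the same units
    Hypothetical helper; assumes offered rates are known exactly.
    """
    if capacity < 0 or any(r < 0 for r in offered.values()):
        raise ValueError("rates and capacity must be non-negative")
    if sum(offered.values()) <= capacity:
        # No overload: every flow passes unthrottled.
        return float("inf"), dict(offered)

    remaining = capacity
    pending = sorted(offered.items(), key=lambda kv: kv[1])
    alloc = {}
    while pending:
        share = remaining / len(pending)   # equal split of what is left
        router, rate = pending[0]
        if rate <= share:
            # Light flow: fully served, its unused share is redistributed.
            alloc[router] = rate
            remaining -= rate
            pending.pop(0)
        else:
            # Every remaining flow exceeds the share: cap them all at it.
            for router, _ in pending:
                alloc[router] = share
            return share, alloc
    return float("inf"), alloc


if __name__ == "__main__":
    # Constructed sample: two light (good-user) routers, two heavy ones.
    sample = {"r1": 2, "r2": 4, "r3": 30, "r4": 50}
    rate, alloc = max_min_throttle(sample, capacity=40)
    print("throttle rate:", rate)
    for router in sorted(alloc):
        print(router, sample[router], "->", alloc[router])
```

Routers whose traffic is below the throttle rate are untouched, so the cap falls only on the heavy aggregates while total admitted load equals the server's capacity.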