Art Duval


Media is loading

Document Type


Publication Date



Cyberspace operations (Military science), Cyberterrorism


A Distributed Denial of Service (DDoS) is a cyber attack, which is capable of triggering a cascading failure in the victim network. While DDoS attacks come in different forms, their general goal is to make a network's service unavailable to its users. A common, but risky, countermeasure is to blackhole or null route the source, or the attacked destination. When a server becomes a blackhole, or referred to as the sink in the paper, the data that is assigned to it "disappears" or gets deleted. Our research shows how mathematical modeling can propose an alternative blackholing strategy that could improve the efficiency of this countermeasure. We want to optimize efficiency in terms of obtaining the least possible data loss, which may include both legitimate and malicious traffic.The mathematical model previously mentioned is the Abelian Sandpile Model (ASM). Using the notion of self-organized criticality (SOC), the ASM can be extended to optimize the efficiency of using a blackholing strategy to drive the network to a stable state. To investigate the optimization of blackholing, we propose a chip-firing game that aims to determine the best server to blackhole, or enable as the sink, for each server acting as a potential source. Additionally, our research on this chip-firing game suggests a feasible server to enable as the sink for situations where mitigation takes priority over identifying the source. The undirected graphs of Internet backbone networks act as a playing field for the proposed chip-firing game. Our model, built in Sage, outputs matrices representing values of data preserved for each combination of source and sink. In addition to ranking servers by their susceptibility as a source and efficiency as a sink, analyzing such matrices serves a greater incentive that can allow us to learn hidden characteristics of the graph. For example, we found consequences of prolonged attacks that indicate there exists a certain limit point to an attack. Additionally, graphs that share similar structures end up having shared total values when the sink and the source match. Finally, when two networks of the same size take the structure of a tree graph, the vulnerability of the total networks are identical. Our research approaches a common network security issue, and abstracts the ideas in order to discover non-trivial properties of the networks at risk.


© Copyright the author(s)

This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).

The purpose of this statement is to help the public understand how this Item may be used. When there is a (non-standard) License or contract that governs re-use of the associated Item, this statement only summarizes the effects of some of its terms. It is not a License, and should not be used to license your Work. To license your own Work, use a License offered at

Persistent Identifier



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.