
Notation  Description 

 Loading of each residual core node , where 
 Link utilization of each link , where 
 Negative effect caused by applying fake traffic adjustment 
 Negative effect caused by applying dynamic topology reconfiguration 
 Negative effect caused by applying local defense 
 The number of hops legitimate users experienced from one boundary node to core nodes 
 The total compromise events 
 The predefined threshold about QoS 
 The QoS level at the end of attack 
 The value of QoS determined by , , , , , and , where , 
 The total defense resource of the shortest path from compromised nodes detected to core node divided by total defense resource, where 
 The number of hops from compromised nodes detected to core node divided by the number of hops from attacker’s starting point, where 
 The linking number of core node divided by the maximum number in the topology, where 
 The priority of service provided by core node divided by the maximum service priority in the topology, where , 
 The risk threshold of core nodes 
 The risk status of each core node, which is the aggregation of defense resource, number of hops, link degree, and service priority 
