Thesis

Near-optimal Joint Defense Strategies against DDoS Attacks Based upon Packet Filtering and Blocking Enabled by Packet Marking Mechanism

Advisor: 林永松

Abstract (Chinese, translated)

In recent years, distributed denial-of-service (DDoS) attacks have become one of the greatest threats to Internet services. When a DDoS attack occurs, a large volume of malicious attack packets consumes most of the network bandwidth and the resources of the network server, so that legitimate users cannot access the service. Against this type of attack we propose a joint defense strategy in which the network service provider and the application service provider cooperate, based on packet marking and combining packet filtering with packet blocking. Packet marking is used to observe and record network usage, which serves as reference information when network traffic increases abnormally; when an attack occurs, this reference information can be used to apply packet filtering (filtering the attack traffic at the border routers) or a packet blocking policy (blocking at the defender's side) to mitigate the DDoS attack. In this thesis, we transform the attack-defense scenario of defending against DDoS attacks into a two-level mathematical programming problem. In the inner problem, the defender uses its limited defense resources to maximize the legitimate traffic under the DDoS attack; the outer problem describes the attacker allocating its limited attack resources to minimize the legitimate traffic. To obtain the optimal solution to this problem, we adopt a Lagrangian relaxation-based algorithm for the inner problem and a subgradient-based algorithm for the outer problem.

Abstract (English)

In recent years, DDoS has become one of the most acute threats to the Internet. During a DDoS attack, a huge amount of attack traffic not only heavily consumes the network bandwidth but also seriously depletes the victim server's key resources, which, for legitimate users, leads to service inaccessibility. To defend against this type of attack, joint defense strategies are proposed, requiring cooperation between the ISP and the ASP, which combine packet marking, a packet filtering strategy and a packet blocking policy. With packet marking, an approximation of the legitimate traffic of each time zone can be observed and recorded. Once the aggregate traffic increases abnormally, the amount of attack traffic can be calculated and a near-optimal filtering and blocking strategy for defense can be developed. In the thesis, the DDoS attack-defense scenario is modeled as a two-level mathematical programming problem. In the inner problem, the defender strategically utilizes its limited resources to maximize the legitimate traffic. In the outer problem, the attacker tries to allocate its attack resources to minimize the legitimate traffic. A Lagrangean relaxation-based algorithm is proposed to solve the inner problem, and a subgradient-based heuristic algorithm is proposed to solve the outer problem.
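The defender's inner problem described in both abstracts, as an added illustrative example that is not code from the thesis: constructed per-ingress baselines recorded via packet marking, an attack estimate once aggregate traffic exceeds the baseline, and an exhaustive search (in place of the thesis's Lagrangian relaxation) for the set of border routers to filter that maximises the legitimate traffic served. The all-or-nothing filter, the proportional-sharing capacity model and the 1.5x detection factor are assumptions of this example.

```python
from itertools import combinations

# Constructed baseline: legitimate packets per marked ingress router, recorded
# during normal operation (for example the peak of earlier time windows).
BASELINE = {"r1": 100, "r2": 80, "r3": 60, "r4": 40}
# Constructed observation for the current window, after an attack has started.
OBSERVED = {"r1": 110, "r2": 900, "r3": 65, "r4": 700}


def estimate_attack(baseline, observed, factor=1.5):
    """Per-ingress attack estimate (observed minus recorded baseline).
    Returns {} when the aggregate stays within `factor` times the baseline,
    i.e. no attack is declared (the factor is an assumption of this example)."""
    if sum(observed.values()) <= factor * sum(baseline.values()):
        return {}
    return {r: max(0, observed[r] - baseline.get(r, 0)) for r in observed}


def legit_served(baseline, observed, filtered, capacity):
    """Legitimate traffic reaching the server when the ingresses in `filtered`
    are dropped at the border. Unfiltered traffic shares `capacity`
    proportionally (a simple bottleneck model assumed here); legitimate
    traffic at an ingress is taken as at most its recorded baseline."""
    admitted = {r: v for r, v in observed.items() if r not in filtered}
    total = sum(admitted.values())
    legit = sum(min(baseline.get(r, 0), v) for r, v in admitted.items())
    if total <= capacity:
        return legit
    return legit * capacity / total


def best_filter_set(baseline, observed, budget, capacity):
    """Exhaustively choose at most `budget` ingresses to filter so that the
    legitimate traffic served is maximised. Exact for small instances; the
    thesis solves the general case with Lagrangian relaxation instead."""
    routers = list(observed)
    best_val = legit_served(baseline, observed, set(), capacity)
    best_set = set()
    for k in range(1, budget + 1):
        for combo in combinations(routers, k):
            val = legit_served(baseline, observed, set(combo), capacity)
            if val > best_val:
                best_val, best_set = val, set(combo)
    return best_set, best_val


if __name__ == "__main__":
    print("attack estimate:", estimate_attack(BASELINE, OBSERVED))
    print("filter set, legit served:", best_filter_set(BASELINE, OBSERVED, 2, 300))
```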

