Present day, Internet Protocol (IP) networks are under constant threat of Denial of Service (DoS) IP attacks and malicious IP traffic that has a capability of causing congestion within available network bandwidth, while also interfering with the functionality of nodes such as routers, switches, application servers. Network administrators are able to identify computing devices (i.e. nodes) that are subject to a DoS IP attack. In doing so, network administrators may manually create and push filtering policies to affect nodes for the purpose of negating the effect of the DoS IP attack. However, manually determining attacks and generating a corrective filtering policy is generally inefficient and among other things may mean that substantial network and application outages may occur before the filtering policy is implemented.