Time-to-recovery (TTR) is a metric, one of the resilience numbers a thorough DDoS test is built to capture. It is the elapsed time from when scrubbing engages to when the service returns to its normal performance baseline: error rates back to nominal, latency percentiles restored, queues drained, and connection pools recovered. Unlike time-to-mitigation, which measures how fast filtering starts, TTR measures how long the system needs to settle once the flood is filtered.
Why it matters in DDoS testing
Mitigation stopping the attack traffic is not the same as the service being healthy again. Saturated conntrack tables, exhausted worker pools, backed-up queues, and cold caches can keep an application degraded long after clean traffic resumes. A test measures the full curve, attack onset through full recovery, so the lingering tail is visible rather than assumed to be instant.
How recovery timing factors into a resilience score is covered in DDoS resilience testing.