MIDAS:AnImpactScaleforDDoS attacks

We usually havewell-defined classification scales toestimate theintensity andimpactofnatural disasters. Prominent examples aretheRichter andtheFujita scales for measuring earthquakes andtornadoes respectively. Inthis pa- per, weapplysimilar ideas toestimate theimpact ofdistributed denial ofservice (DDoS) attacks fromtheperspective ofnetwork operators. Devising sucha classification scaleimproves our understanding ofDDoSattacks byassessing theactual damage incurred fromanISP'sperspective, andallows comparison ofvarious mitigation strategies. We havedesigned MIDAS,a DDoSimpact scale, basedontheeconomic impact ofaDDoS attack, calculated using economic andnetwork data. We then present anapproximation oftheMIDASscale thatrelies onlyon network measurements foreaseofcomputation. Todemonstrate theusefulness ofthescale, weperform sensitivity analysis to qualitatively validate themagnitude ofthescale value fordiverse attacks. I.INTRODUCTION Distributed denial ofservice (DDoS)attacks arebecoming increasingly common(1). Eventhough DDoSattacks tar- getendhosts, networks havetodealwithincreased traf- ficdemandsduring attacks. Inthiswork,we address the economic impact ofDDoSattacks andprovide anetwork centric MeasureofImpact ofDDoSAttackS (MIDAS) scale similar tosystems usedtoclassify theimpact ofearthquakes andtornadoes. Ourmotivation isthatsuchaclassification schemecanbeusedbyanynetwork operator toassess the severity ofaDDoSattack, andallow comparisons. Currently, acommonwayofcharacterizing DDoSattacks isinterms ofmeasures suchaspackets persecond (pps) orbitsper second (bps). Suchsimple measures aremisleading as,for instance, a100Mbps attack against awell-provisioned server inadatacenter isnegligible inimpact compared tothesame attack against anend-host connected through acable modem. Makingtheclassification concrete intermsoftheactual economic impact increases incentives toproactively mitigate DDoSattacks fromanoperator's perspective. Furthermore, aclassification schemewill leadtoimproved understanding oftheproperties ofDDoSattacks that havedirect impact on thenetworks. Ultimately, suchaschemeprovides valuable insights into evaluating anddesigning mitigation schemes. Tworeal world examples that inspire ourapproach, namely theRichter scale forearthquakes andtheFujita scale for tornadoes, serve toillustrate twodifferent approaches: mea- suring attributes oftheeventdirectly, versus, measuring theimpact oftheevent. TheRichter scale measures the magnitude ofanearthquake byestimating theenergy released fromthemotion oftectonic plates. Thatis,itmeasures the sizeofanearthquake, regardless ofwhether itcaused any damage ornot.TheFujita scale, ontheother hand, estimates theactual damagecaused byatornado basedonsurveys conducted afterward. Ittherefore estimates theimpact ofa tornado rather thanthesize. Soforexample, alarge tornado