Defeating DDoS attacks by fixing the incentive chain

Cooperative technological solutions for Distributed Denial-of-Service (DDoS) attacks are already available, yet organizations in the best position to implement them lack incentive to do so, and the victims of DDoS attacks cannot find effective methods to motivate them. In this article we discuss two components of the technological solutions to DDoS attacks: cooperative filtering and cooperative traffic smoothing by caching. We then analyze the broken incentive chain in each of these technological solutions. As a remedy, we propose usage-based pricing and Capacity Provision Networks, which enable victims to disseminate enough incentive along attack paths to stimulate cooperation against DDoS attacks.

[1]  Jerome H. Saltzer,et al.  End-to-end arguments in system design , 1984, TOCS.

[2]  Andrew B. Whinston,et al.  Research Commentary: Introducing a Third Dimension in Information Systems Design - The Case for Incentive Alignment , 2001, Inf. Syst. Res..

[3]  Andrew B. Whinston,et al.  Defeating distributed denial of service attacks , 2000 .

[4]  Huseyin Cavusoglu,et al.  The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers , 2004, Int. J. Electron. Commer..

[5]  Rocky K. C. Chang,et al.  Defending against flooding-based distributed denial-of-service attacks: a tutorial , 2002, IEEE Commun. Mag..

[6]  Michael B. Jones,et al.  SkipNet: A Scalable Overlay Network with Practical Locality Properties , 2003, USENIX Symposium on Internet Technologies and Systems.

[7]  Kevin M. Currier COMPARATIVE STATICS ANALYSIS IN ECONOMICS , 2000 .

[8]  Hui Zhang,et al.  Predicting Internet network distance with coordinates-based approaches , 2002, Proceedings.Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies.

[9]  Larry L. Peterson,et al.  Proceedings of the 5th Symposium on Operating Systems Design and Implementation the Effectiveness of Request Redirection on Cdn Robustness , 2022 .

[10]  Michael K. Reiter,et al.  Mitigating bandwidth-exhaustion attacks using congestion puzzles , 2004, CCS '04.

[11]  Idit Keidar,et al.  Exposing and eliminating vulnerabilities to denial of service attacks in secure gossip-based multicast , 2004, IEEE Transactions on Dependable and Secure Computing.

[12]  Andrew B. Whinston,et al.  A General Economic Equilibrium Model of Distributed Computing , 1994 .

[13]  Andrew B. Whinston,et al.  Defending Wireless Infrastructure Against the Challenge of DDoS Attacks , 2002, Mob. Networks Appl..

[14]  Andrew B. Whinston,et al.  The economics of network management , 1999, CACM.

[15]  J. Ledyard,et al.  Designing organizations for trading pollution rights , 1994 .

[16]  Andrew B. Whinston,et al.  Scaling Web Services with Capacity Provision Networks , 2003, Computer.

[17]  W. Norton A Business Case for ISP Peering , 2002 .

[18]  B WhinstonAndrew,et al.  Defeating DDoS attacks by fixing the incentive chain , 2007 .

[19]  Vernon J. Richardson,et al.  Assessing the risk in e-commerce , 2001, Proceedings of the 35th Annual Hawaii International Conference on System Sciences.