Despite a plethora of research in the area, none of the mechanisms proposed so far for Denial-of-Service (DoS) mitigation has been widely deployed. We argue in this paper that these deployment difficulties are primarily due to economic inefficiency, rather than to technical shortcomings of the proposed DoS-resilient technologies. We identify economic phenomena, negative externality---the benefit derived from adopting a technology depends on the action of others---and economic incentive misalignment---the party who suffers from an economic loss is different from the party who is in the best position to prevent that loss---as the main stumbling blocks of adoption. Our main contribution is a novel DoS mitigation architecture, Burrows, with an economic incentive realignment property. Burrows is obtained by re-factoring existing key DoS mitigation technologies, and can increase the "social welfare," i.e., economic benefit, of the entire Internet community---both infrastructure providers and the Internet users. At the core of Burrows is a wide-area virtual private network, or secure overlay, carved out of the existing Internet. Entry points into the Burrows overlay are controlled by gateways, which in addition to providing connectivity, minimize negative externality flowing between Burrows and the Internet. To rectify the aforementioned economic incentive misalignment, the power to realize Burrows is put into the hands of the Internet users. In addition, Burrows supports incremental deployment: even with as few as two participants, Burrows provides an environment more secure than without it.