DDoS mitigation in non-cooperative environments

Authors:
Guanhua Yan;Stephan Eidenbenz
Affiliations:
Information Sciences, CCS-3, Los Alamos National Laboratory, Los Alamos, NM;Information Sciences, CCS-3, Los Alamos National Laboratory, Los Alamos, NM
Venue:
NETWORKING'08 Proceedings of the 7th international IFIP-TC6 networking conference on AdHoc and sensor networks, wireless networks, next generation internet
Year:
2008

Citing 11
Cited 2

On network-aware clustering of Web clients

Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Practical network support for IP traceback

Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Approximation and collusion in multicast cost sharing (extended abstract)

Proceedings of the 3rd ACM conference on Electronic Commerce
A BGP-based mechanism for lowest-cost routing

Proceedings of the twenty-first annual symposium on Principles of distributed computing
Introduction to Algorithms

Introduction to Algorithms
GOSSIB vs. IP Traceback Rumors

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Ad hoc-VCG: a truthful and cost-efficient routing protocol for mobile ad hoc networks with selfish agents

Proceedings of the 9th annual international conference on Mobile computing and networking
A taxonomy of DDoS attack and DDoS defense mechanisms

ACM SIGCOMM Computer Communication Review
COMMIT: A Sender-Centric Truthful and Energy-Efficient Routing Protocol for Ad Hoc Networks with Selfish Nodes

IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 12 - Volume 13
On AS-level path inference

SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Defeating DDoS attacks by fixing the incentive chain

ACM Transactions on Internet Technology (TOIT)

Evidential structures and metrics for network forensics

International Journal of Internet Technology and Secured Transactions
Towards a bayesian network game framework for evaluating DDoS attacks and defense

Proceedings of the 2012 ACM conference on Computer and communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Distributed denial of service (DDoS) attacks have plagued the Internet for many years. We propose a system to defend against DDoS attacks in a non-cooperative environment, where upstream intermediate networks need to be given an economic incentive in order for them to cooperate in the attack mitigation. Lack of such incentives is a root cause for the rare deployment of distributed DDoS mitigation schemes. Our system is based on game-theoretic principles that provably provide incentives to each participating AS (Autonomous Systems) to report its true defense costs to the victim, which computes and compensates the most cost-efficient (yet still effective) set of defenders ASs. We also present simulation results with real AS-level topologies to demonstrate the economic feasibility of our approach.