Defeating DDoS attacks by fixing the incentive chain

Published: 01 February 2007

Abstract

Cooperative technological solutions for Distributed Denial-of-Service (DDoS) attacks are already available, yet organizations in the best position to implement them lack incentive to do so, and the victims of DDoS attacks cannot find effective methods to motivate them. In this article we discuss two components of the technological solutions to DDoS attacks: cooperative filtering and cooperative traffic smoothing by caching. We then analyze the broken incentive chain in each of these technological solutions. As a remedy, we propose usage-based pricing and Capacity Provision Networks, which enable victims to disseminate enough incentive along attack paths to stimulate cooperation against DDoS attacks.

Reviews

Myles F. McNally

Want to disable an Internet content provider (ICP) like Yahoo! or Amazon? Or perhaps you are interested in attacking the Department of Defense Web site or other government sites. Then a denial of service (DoS) attack is for you. Simply overwhelm the target site with Internet traffic. Even if its gateway routers prevent the attack from reaching its content servers, the site itself is compromised. To massively flood such a site, recruit (that is, attack and take over) a legion of "zombie" computers across the Internet and then launch the attack simultaneously from each of them (a distributed denial of service attack (DDoS)).

To get a sense of the potential size of such an attack, consider the case of so-called "Botmaster" Jeanson James Ancheta, who in 2005 pled guilty to charges of conspiracy, damaging computers used by the US government, and fraud. He and others recruited over 400,000 zombie computers, including machines in a weapons division of a US Naval Air Warfare Center, and were leasing subnets of these zombie machines to others for use in DDoS attacks and massive spam mailings.

Since DDoS attacks have been going on for some time, why has no effective means been found to prevent them or at least minimize their effects? Actually, the authors of this paper claim that such means already exist, but organizations in the best position to implement them have no economic incentive to do so. Under our current Internet organizational structure, only the target of the attack (the ICP) and indirectly its regional Internet service provider (ISP) have economic incentives to prevent particular attacks. While the ICP itself is simply overwhelmed, the providing ISP is likely to have so much excess capacity that it is not compromised. The excess capacities of the regional ISPs to which the zombie computers connect and the backbone ISP networks over which they communicate mean that those systems are not compromised either.

Given that DDoS attacks do not compromise their services, the ISPs have no incentive to implement what Huang, Geng, and Whinston take to be the two most effective ways to handle DDoS attacks: cooperative filtering and cooperative caching. Both of these techniques are designed to blunt attacks once they are underway. As their names suggest, they require wide-scale cooperation among ISPs. Achieving such cooperation requires fixing the "incentive chain," which currently stops prematurely at the content provider.

In cooperative filtering, ISPs along the attack path filter out attack traffic. This involves three phases: alarming, where an intrusion detection system identifies suspicious traffic; tracing, the tracking back as far as possible along each attack path; and filtering, where ISPs far back along each path simply filter out attack traffic. The most effective tracking would require ISPs to ban Internet protocol (IP) spoofing (the use of false IP addresses), which could be done by the immediate ISPs of attacking computers. This would allow attacking zombie computers to be identified and then taken offline.

How can an economic incentive be provided to ISPs to take such actions? The authors suggest switching from a subscription-based capacity model, where all of the players routinely have far more bandwidth than they need, to a dynamic model, in which each player pays for actual bandwidth used. In such a system, everyone would have an incentive to use network resources judiciously, and in particular eliminate spurious traffic.

Many ISPs use caching to provide faster service to their own customers. Cooperative caching involves ISPs providing caching services to noncustomers as well. If a request could be satisfied by any number of caching servers across the Internet, the quality of service provided to all customers would be improved. Almost as a side benefit, the effects of DDoS attacks would be diluted. Rather than a particular site being overwhelmed with traffic, the many caching sites would be able to handle the increased traffic flow. Of course, there are issues with nonstatic content, which currently only the ICP could provide. But technologies like Edge Side Includes are being developed that would allow dynamic content to be generated at multiple locations rather than just at the ICP.

To coordinate this caching scheme, the authors propose a capacity provision network market mechanism, in which regional ISPs have their caching organized by a third entity, which receives payments directly from the various ICPs. The authors spend a fair amount of time in the paper arguing the merits of this model, which seems promising.

This is an interesting and important paper. Its diagnosis of why we can't seem to stop DDoS attacks leads to bold recommendations that would change the fundamental economic structure of the Internet. If we believe the arguments of the authors, such changes will lead not only to an end of DDoS attacks, but also to a higher quality of service for all Internet users.

Online Computing Reviews Service
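
The three phases of cooperative filtering named in the review above (alarming, tracing, filtering), sketched as an added example that is not code from the paper or the reviewer. The topology, ISP names, traffic classes, rates and the baseline threshold are all constructed assumptions; the comparison at the end shows how much traffic each ISP still carries when only the victim's ISP filters versus when the traced source ISPs filter.

```python
from collections import defaultdict

# Constructed sample data: flows toward the content provider "icp" as
# (ISP path, traffic class, packets/s). All names and rates are hypothetical.
FLOWS = [
    (["edge-A", "backbone-1", "victim-isp", "icp"], "udp-flood", 40_000),
    (["edge-B", "backbone-1", "victim-isp", "icp"], "udp-flood", 35_000),
    (["edge-B", "backbone-1", "victim-isp", "icp"], "web", 200),
    (["edge-C", "backbone-2", "victim-isp", "icp"], "web", 300),
]
BASELINE_PPS = 1_000  # assumed normal ceiling for one class on one link

def alarm(flows, target, baseline=BASELINE_PPS):
    """Alarming: traffic classes whose arrival rate at the target exceeds baseline."""
    rate = defaultdict(int)
    for path, cls, pps in flows:
        if path[-1] == target:
            rate[cls] += pps
    return {cls for cls, pps in rate.items() if pps > baseline}

def link_load(flows, cls):
    """Per-link rate of one class: the only view each ISP has of the attack."""
    load = defaultdict(int)
    for path, c, pps in flows:
        if c == cls:
            for up, down in zip(path, path[1:]):
                load[(up, down)] += pps
    return load

def trace(load, node, baseline=BASELINE_PPS):
    """Tracing: walk upstream over above-baseline links; return the furthest ISPs."""
    heavy = [up for (up, down), pps in load.items() if down == node and pps > baseline]
    if not heavy:
        return {node}
    return set().union(*(trace(load, up, baseline) for up in heavy))

def carried(flows, filters):
    """Filtering: packets/s each ISP still forwards given (isp, class) drop rules."""
    total = defaultdict(int)
    for path, cls, pps in flows:
        for hop in path[:-1]:
            if (hop, cls) in filters:
                break  # dropped here, so nothing reaches the hops downstream
            total[hop] += pps
    return dict(total)

if __name__ == "__main__":
    for cls in alarm(FLOWS, "icp"):
        sources = trace(link_load(FLOWS, cls), "icp")
        print(cls, "traced to", sorted(sources))
        print("filter at victim-isp:", carried(FLOWS, {("victim-isp", cls)}))
        print("filter at sources:   ", carried(FLOWS, {(s, cls) for s in sources}))
```

In this constructed case the victim's ISP forwards the same load either way; only the backbone and edge ISPs see a difference, and they are the parties the review says lack an incentive to act.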

Published In

ACM Transactions on Internet Technology  Volume 7, Issue 1
February 2007
184 pages
ISSN:1533-5399
EISSN:1557-6051
DOI:10.1145/1189740

Publisher

Association for Computing Machinery

New York, NY, United States

Published in TOIT Volume 7, Issue 1

Author Tags

  1. Denial-of-service
  2. incentive
  3. pricing
  4. security

Qualifiers

  • Article
