Mitigating distributed denial of service attacks with dynamic resource pricing

Author

Mankins, David ; Krishnan, Rajesh ; Boyd, Ceilyn ; Zao, John ; Frentz, Michael

fYear

2001

fDate

10-14 Dec. 2001

Firstpage

411

Lastpage

421

Abstract

Distributed denial of service (DDoS) attacks exploit the acute imbalance between client and server workloads to cause devastation to the service providers. We propose a distributed gateway architecture and a payment protocol that imposes dynamically changing prices on network, server, and information resources in order to push some cost of initiating service requests - in terms of monetary payments and/or computational burdens back onto the requesting clients. By employing different price and purchase functions, the architecture can provide service quality differentiation and furthermore, select good client behavior and discriminate against adversarial behavior. If confirmed by additional experiments, judicious partitioning of resources using different pricing functions can improve overall service survivability.

Keywords

Internet; client-server systems; computer network reliability; internetworking; protocols; quality of service; security of data; tariffs; telecommunication security; DDoS attacks; Internet; client server system; distributed denial of service; distributed gateway architecture; dynamic resource pricing; payment protocol; purchase functions; resource partitioning; service quality differentiation; service survivability; Computer crime; Contracts; Costs; Data security; Filtering; Operating systems; Pricing; Protocols; Storms; Web and internet services;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Applications Conference, 2001. ACSAC 2001. Proceedings 17th Annual

Print_ISBN

0-7695-1405-7

Type

conf

DOI

10.1109/ACSAC.2001.991558

Filename

991558