Abstract:
DaaS is a service that protects a server against all three types of Distributed Denial-of-Service (DDoS) attack: arbitrary packet, legit user-mimicking, and economic. For arbitrary packet DDoS defense, DaaS's framework facilitates harnessing intermediaries that relay traffic to a server so that their total resources exceed those of the DDoS bots. For legit user-mimicking DDoS defense, DaaS's unique self-verifying Proof-of-Work (sPoW) empowers a sender to compete with bots by solving a more difficult sPoW puzzle to discover a more obscure "ephemeral" intermediary channel that has been designated to relay a single connection to its desired destination. For economic DDoS (eDDoS) defense (protection against DDoS that stretches a server's metered resources to inflate utilization charges), obscure ephemeral channels force bots to continuously expend resources to discover them before the bots can trigger channel utilization billing. Although neither using intermediaries nor PoW is new, DaaS represents a leap forward because: (1) the DaaS framework tackles the incentive issue of harnessing intermediary resources at a volume sufficient for arbitrary packet DDoS defense, an issue ignored by existing work, and (2) sPoW protects against eDDoS, which conventional PoWs cannot: servers are billed, in principle, only for legitimate traffic relayed, with bot traffic quietly discarded.
Keywords:
computer network security; invasive software; DDoS bots; DDoS mitigation-as-a-service; DaaS; arbitrary packet; bot traffic; channel utilization billing; distributed denial-of-service; economic DDoS defense; legit user mimicking; self verifying proof-of-work; Economics; Encryption; Generators; Internet; Relays; Servers; Denial-of-service; distributed system; network security; resource abuse;
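
A minimal sketch of the puzzle idea in the abstract, added here as an example and not the paper's own construction. It assumes a puzzle is the channel name sealed under a key with some key bits withheld, so withholding more bits makes the channel more obscure; the function names, the toy XOR keystream and the sample channel name are constructed for illustration.

```python
import hashlib, hmac, os

def _keystream(key: bytes, n: int) -> bytes:
    # Toy SHA-256 counter keystream (illustrative, not a vetted cipher).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

def make_puzzle(channel: bytes, hidden_bits: int, key: int = None) -> dict:
    """Server side: seal the channel name and withhold `hidden_bits` key bits."""
    if key is None:
        key = int.from_bytes(os.urandom(16), "big")
    kb = key.to_bytes(16, "big")
    ct = _xor(channel, kb)
    tag = hmac.new(kb, ct, hashlib.sha256).digest()
    partial = key >> hidden_bits << hidden_bits   # low bits zeroed out
    return {"ct": ct, "tag": tag, "partial": partial, "hidden_bits": hidden_bits}

def solve_puzzle(p: dict):
    """Sender side: brute-force the withheld bits.

    The tag tells the solver when it has the right key. The server checks
    nothing: only a party that did the work can name the channel, so
    unsolved (bot) traffic never reaches a billed channel.
    """
    space = 1 << p["hidden_bits"]
    for guess in range(space):
        kb = (p["partial"] | guess).to_bytes(16, "big")
        candidate = hmac.new(kb, p["ct"], hashlib.sha256).digest()
        if hmac.compare_digest(candidate, p["tag"]):
            return _xor(p["ct"], kb), guess + 1   # (channel, keys tried)
    return None, space

if __name__ == "__main__":
    name = b"relay-17.example.net:40213"          # constructed channel name
    for bits in (8, 12, 16):                      # harder puzzle, more obscure channel
        channel, tried = solve_puzzle(make_puzzle(name, bits))
        print(f"{bits:2d} hidden bits: found {channel.decode()} after {tried} keys")
```

Expected work doubles with each withheld bit, which is the lever a sender uses to outbid bots for a channel.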