Abstract
Distributed denial of service (DDoS) attacks have plagued the Internet for many years. We propose a system to defend against DDoS attacks in a non-cooperative environment, where upstream intermediate networks need to be given an economic incentive in order for them to cooperate in the attack mitigation. Lack of such incentives is a root cause for the rare deployment of distributed DDoS mitigation schemes. Our system is based on game-theoretic principles that provably provide incentives to each participating AS (Autonomous System) to report its true defense costs to the victim, which computes and compensates the most cost-efficient (yet still effective) set of defender ASes. We also present simulation results with real AS-level topologies to demonstrate the economic feasibility of our approach.
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Yan, G., Eidenbenz, S. (2008). DDoS Mitigation in Non-cooperative Environments. In: Das, A., Pung, H.K., Lee, F.B.S., Wong, L.W.C. (eds) NETWORKING 2008 Ad Hoc and Sensor Networks, Wireless Networks, Next Generation Internet. NETWORKING 2008. Lecture Notes in Computer Science, vol 4982. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-79549-0_52
DOI: https://doi.org/10.1007/978-3-540-79549-0_52
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-79548-3
Online ISBN: 978-3-540-79549-0
eBook Packages: Computer Science (R0)