DDoS mitigation in non-cooperative environments

Guanhua Yan; Stephan Eidenbenz

doi:10.1007/978-3-540-79549-0_52

DDoS mitigation in non-cooperative environments

Guanhua Yan
, Stephan Eidenbenz

School of Computing

Binghamton University

Los Alamos National Laboratory

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations

Abstract

Distributed denial of service (DDoS) attacks have plagued the Internet for many years. We propose a system to defend against DDoS attacks in a non-cooperative environment, where upstream intermediate networks need to be given an economic incentive in order for them to cooperate in the attack mitigation. Lack of such incentives is a root cause for the rare deployment of distributed DDoS mitigation schemes. Our system is based on game-theoretic principles that provably provide incentives to each participating AS (Autonomous Systems) to report its true defense costs to the victim, which computes and compensates the most cost-efficient (yet still effective) set of defenders ASs. We also present simulation results with real AS-level topologies to demonstrate the economic feasibility of our approach.

Original language	English
Title of host publication	NETWORKING 2008
Subtitle of host publication	AdHoc and Sensor Networks, Wireless Networks, Next Generation Internet - 7th International IFIP-TC6 Networking Conference, Proceedings
Pages	599-611
Number of pages	13
DOIs	https://doi.org/10.1007/978-3-540-79549-0_52
State	Published - 2008
Event	7th International IFIP-TC6 Networking Conference - NETWORKING 2008: AdHoc and Sensor Networks, Wireless Networks, Next Generation Internet - , Singapore Duration: May 5 2008 → Sep 5 2008

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4982 LNCS

Conference

Conference	7th International IFIP-TC6 Networking Conference - NETWORKING 2008: AdHoc and Sensor Networks, Wireless Networks, Next Generation Internet
Country/Territory	Singapore
Period	05/5/08 → 09/5/08

Access to Document

10.1007/978-3-540-79549-0_52

Cite this

Yan, G., & Eidenbenz, S. (2008). DDoS mitigation in non-cooperative environments. In NETWORKING 2008: AdHoc and Sensor Networks, Wireless Networks, Next Generation Internet - 7th International IFIP-TC6 Networking Conference, Proceedings (pp. 599-611). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4982 LNCS). https://doi.org/10.1007/978-3-540-79549-0_52

Yan, Guanhua ; Eidenbenz, Stephan. / DDoS mitigation in non-cooperative environments. NETWORKING 2008: AdHoc and Sensor Networks, Wireless Networks, Next Generation Internet - 7th International IFIP-TC6 Networking Conference, Proceedings. 2008. pp. 599-611 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{802d8ac851b445b297e73f90a16cfb38,

title = "DDoS mitigation in non-cooperative environments",

abstract = "Distributed denial of service (DDoS) attacks have plagued the Internet for many years. We propose a system to defend against DDoS attacks in a non-cooperative environment, where upstream intermediate networks need to be given an economic incentive in order for them to cooperate in the attack mitigation. Lack of such incentives is a root cause for the rare deployment of distributed DDoS mitigation schemes. Our system is based on game-theoretic principles that provably provide incentives to each participating AS (Autonomous Systems) to report its true defense costs to the victim, which computes and compensates the most cost-efficient (yet still effective) set of defenders ASs. We also present simulation results with real AS-level topologies to demonstrate the economic feasibility of our approach.",

author = "Guanhua Yan and Stephan Eidenbenz",

year = "2008",

doi = "10.1007/978-3-540-79549-0\_52",

language = "English",

isbn = "3540795480",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "599--611",

booktitle = "NETWORKING 2008",

note = "7th International IFIP-TC6 Networking Conference - NETWORKING 2008: AdHoc and Sensor Networks, Wireless Networks, Next Generation Internet ; Conference date: 05-05-2008 Through 05-09-2008",

}

Yan, G & Eidenbenz, S 2008, DDoS mitigation in non-cooperative environments. in NETWORKING 2008: AdHoc and Sensor Networks, Wireless Networks, Next Generation Internet - 7th International IFIP-TC6 Networking Conference, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4982 LNCS, pp. 599-611, 7th International IFIP-TC6 Networking Conference - NETWORKING 2008: AdHoc and Sensor Networks, Wireless Networks, Next Generation Internet, Singapore, 05/5/08. https://doi.org/10.1007/978-3-540-79549-0_52

DDoS mitigation in non-cooperative environments. / Yan, Guanhua; Eidenbenz, Stephan.
NETWORKING 2008: AdHoc and Sensor Networks, Wireless Networks, Next Generation Internet - 7th International IFIP-TC6 Networking Conference, Proceedings. 2008. p. 599-611 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4982 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - DDoS mitigation in non-cooperative environments

AU - Yan, Guanhua

AU - Eidenbenz, Stephan

PY - 2008

Y1 - 2008

N2 - Distributed denial of service (DDoS) attacks have plagued the Internet for many years. We propose a system to defend against DDoS attacks in a non-cooperative environment, where upstream intermediate networks need to be given an economic incentive in order for them to cooperate in the attack mitigation. Lack of such incentives is a root cause for the rare deployment of distributed DDoS mitigation schemes. Our system is based on game-theoretic principles that provably provide incentives to each participating AS (Autonomous Systems) to report its true defense costs to the victim, which computes and compensates the most cost-efficient (yet still effective) set of defenders ASs. We also present simulation results with real AS-level topologies to demonstrate the economic feasibility of our approach.

AB - Distributed denial of service (DDoS) attacks have plagued the Internet for many years. We propose a system to defend against DDoS attacks in a non-cooperative environment, where upstream intermediate networks need to be given an economic incentive in order for them to cooperate in the attack mitigation. Lack of such incentives is a root cause for the rare deployment of distributed DDoS mitigation schemes. Our system is based on game-theoretic principles that provably provide incentives to each participating AS (Autonomous Systems) to report its true defense costs to the victim, which computes and compensates the most cost-efficient (yet still effective) set of defenders ASs. We also present simulation results with real AS-level topologies to demonstrate the economic feasibility of our approach.

UR - https://www.scopus.com/pages/publications/44649146686

U2 - 10.1007/978-3-540-79549-0_52

DO - 10.1007/978-3-540-79549-0_52

M3 - Conference contribution

SN - 3540795480

SN - 9783540795483

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 599

EP - 611

BT - NETWORKING 2008

T2 - 7th International IFIP-TC6 Networking Conference - NETWORKING 2008: AdHoc and Sensor Networks, Wireless Networks, Next Generation Internet

Y2 - 5 May 2008 through 5 September 2008

ER -

Yan G, Eidenbenz S. DDoS mitigation in non-cooperative environments. In NETWORKING 2008: AdHoc and Sensor Networks, Wireless Networks, Next Generation Internet - 7th International IFIP-TC6 Networking Conference, Proceedings. 2008. p. 599-611. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-79549-0_52

DDoS mitigation in non-cooperative environments

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this