DDoS Attacks Detection and Mitigation Using Economic Incentive-Based Solution
DDoS attack is posing an immense threat to Internet and online businesses. DDoS attack makes an online service unavailable to legitimate users by sending voluminous number of dummy requests or by exploiting some vulnerability or security flaws present in current Internet infrastructure. Information present on Internet needs to be defended against DDoS attack by not only technological means but also with the help of economic means using incentives as a tool. In this paper, we have proposed a model using a network management strategy which involves policies to maintain quality of service (QoS) during a DDoS attack. User must have sending rights in the form of contract to access server. A XML form having different fields on QoS parameters is provided by the service provider which a user has to fill with the help of policies present in policy pool. This XML form is turned into contract after evaluation by the control broker. Policy-based network management (PBNM) is used to execute proposed approach which enables user to have dynamic negotiation with the service provider on the cost and types of resources. Proposed model has been implemented on NS2. Results obtained from simulation show the supremacy of our proposed model.
KeywordsDDoS attack Economic incentives PBNM QoS Risk transfer
This research work is being supported by sponsored project grant (SB/FTP/ETA-131/2014) from SERB, DST, Government of India.
- 2.Wang, X., Reiter, M. K.: Mitigating bandwidth-exhaustion attacks using congestion puzzles. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 257–267. ACM (2004)Google Scholar
- 4.Simmons, G. J.: Cryptanalysis and protocol failures. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 213–214. ACM (1993)Google Scholar
- 5.Sandhu, R.: Role-based access control, advanced in computers. Acad. Press 46 (1998)Google Scholar
- 7.Ferguson, P.: Network ingress filtering: defeating denial of service attacks which employ IP source address spoofing (2000)Google Scholar
- 14.Mirković, J., Prier, G., Reiher, P.: Attacking DDoS at the source. In: Null, p. 312. IEEE (2002)Google Scholar
- 15.Robinson, M., Mirkovic, J., Michel, S., Schnaider, M., Reiher, P.: DefCOM: defensive cooperative overlay mesh. In: Proceedings DARPA Information Survivability Conference and Exposition, vol. 2, pp. 101–102. IEEE (2003)Google Scholar