DDoS Attacks Detection and Mitigation Using Economic Incentive-Based Solution

  • Amrita Dahiya
  • B. B. GuptaEmail author
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1045)


DDoS attack is posing an immense threat to Internet and online businesses. DDoS attack makes an online service unavailable to legitimate users by sending voluminous number of dummy requests or by exploiting some vulnerability or security flaws present in current Internet infrastructure. Information present on Internet needs to be defended against DDoS attack by not only technological means but also with the help of economic means using incentives as a tool. In this paper, we have proposed a model using a network management strategy which involves policies to maintain quality of service (QoS) during a DDoS attack. User must have sending rights in the form of contract to access server. A XML form having different fields on QoS parameters is provided by the service provider which a user has to fill with the help of policies present in policy pool. This XML form is turned into contract after evaluation by the control broker. Policy-based network management (PBNM) is used to execute proposed approach which enables user to have dynamic negotiation with the service provider on the cost and types of resources. Proposed model has been implemented on NS2. Results obtained from simulation show the supremacy of our proposed model.


DDoS attack Economic incentives PBNM QoS Risk transfer 



This research work is being supported by sponsored project grant (SB/FTP/ETA-131/2014) from SERB, DST, Government of India.


  1. 1.
    Chang, R.K.: Defending against flooding-based distributed denial-of-service attacks: a tutorial. IEEE Commun. Mag. 40(10), 42–51 (2002)CrossRefGoogle Scholar
  2. 2.
    Wang, X., Reiter, M. K.: Mitigating bandwidth-exhaustion attacks using congestion puzzles. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 257–267. ACM (2004)Google Scholar
  3. 3.
    Badishi, G., Keidar, I., Sasson, A.: Exposing and eliminating vulnerabilities to denial of service attacks in secure gossip-based multicast. IEEE Trans. Dependable Secure Comput. 3(1), 45–61 (2006)CrossRefGoogle Scholar
  4. 4.
    Simmons, G. J.: Cryptanalysis and protocol failures. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 213–214. ACM (1993)Google Scholar
  5. 5.
    Sandhu, R.: Role-based access control, advanced in computers. Acad. Press 46 (1998)Google Scholar
  6. 6.
    Vigna, G., Kemmerer, R.A.: NetSTAT: a network-based intrusion detection system. J. Comput. Secur. 7(1), 37–71 (1999)CrossRefGoogle Scholar
  7. 7.
    Ferguson, P.: Network ingress filtering: defeating denial of service attacks which employ IP source address spoofing (2000)Google Scholar
  8. 8.
    Geng, X., Whinston, A.B.: Defeating distributed denial of service attacks. IT Prof 2(4), 36–42 (2000)CrossRefGoogle Scholar
  9. 9.
    Geng, X., Huang, Y., Whinston, A.B.: Defending wireless infrastructure against the challenge of DDoS attacks. Mobile Netw. Appl. 7(3), 213–223 (2002)CrossRefGoogle Scholar
  10. 10.
    Pérez, G.M., Skarmeta, A.F.G., Zeber, S., Spagnolo, J., Symchych, T.: Dynamic policy-based network management for a secure coalition environment. IEEE Commun. Mag. 44(11), 58–64 (2006)CrossRefGoogle Scholar
  11. 11.
    Huang, Y., Geng, X., Whinston, A.B.: Defeating DDoS attacks by fixing the incentive chain. ACM Trans. Internet Technol. (TOIT) 7(1), 5 (2007)CrossRefGoogle Scholar
  12. 12.
    Gupta, A., Stahl, D.O., Whinston, A.B.: The economics of network management. Commun. ACM 42(9), 57–63 (1999)CrossRefGoogle Scholar
  13. 13.
    Mirjalili, S., Lewis, A.: The whale optimization algorithm. Adv. Eng. Softw. 95, 51–67 (2016)CrossRefGoogle Scholar
  14. 14.
    Mirković, J., Prier, G., Reiher, P.: Attacking DDoS at the source. In: Null, p. 312. IEEE (2002)Google Scholar
  15. 15.
    Robinson, M., Mirkovic, J., Michel, S., Schnaider, M., Reiher, P.: DefCOM: defensive cooperative overlay mesh. In: Proceedings DARPA Information Survivability Conference and Exposition, vol. 2, pp. 101–102. IEEE (2003)Google Scholar
  16. 16.
    Guo, Z., Xu, Y., Liu, R., Gushchin, A., Chen, K.Y., Walid, A., Chao, H.J.: Balancing flow table occupancy and link utilization in software-defined networks. Future Gener. Comput. Syst. 89, 213–223 (2018)CrossRefGoogle Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. 1.National Institute of Technology, KurukshetraKurukshetraIndia

Personalised recommendations