17th Annual Computer Security Applications Conference
December 10-14, 2001
New Orleans, Louisiana

Mitigating Distributed Denial of Service Attacks with Dynamic Resource Pricing

David Mankins, Rajesh Krishnan, John Zao, Michael Frentz
BBN Technologies/Verizon Communications

Ceilyn Boyd

Distributed Denial of Service (DDoS) attacks exploit the acute imbalance between client and server workloads to cause devastation to service providers. We propose a distributed gateway architecture and a payment protocol that imposes dynamically changing prices on network, server, and information resources in order to push some of the cost of initiating service requests - in terms of monetary payments and/or computational burdens - back onto the requesting clients. By employing different price and purchase functions, the architecture can provide service quality differentiation and, furthermore, select good client behavior and discriminate against adversarial behavior. If confirmed by additional experiments, judicious partitioning of resources using different pricing functions can improve overall service survivability.

Keywords: Distributed Denial of Service, Dynamic Resource Pricing, Market-based Service Quality Differentiation, Quality of Service, Micro-payment protocols, Proof of Work
