IEICE TRANSACTIONS on Communications
Open Access
Pay the Piper: DDoS Mitigation Technique to Deter Financially-Motivated Attackers
-
Full Text Views
41
- Cite this
- Free PDF (2MB)
Summary :
Distributed Denial of Service attacks against the application layer (L7 DDoS) are among the most difficult attacks to defend against because they mimic normal user behavior. Some mitigation techniques against L7 DDoS, e.g., IP blacklisting and load balancing using a content delivery network, have been proposed; unfortunately, these are symptomatic treatments rather than fundamental solutions. In this paper, we propose a novel technique to disincentivize attackers from launching a DDoS attack by increasing attack costs. Assuming financially motivated attackers seeking to gain profit via DDoS attacks, their primary goal is to maximize revenue. On the basis of this assumption, we also propose a mitigation solution that requires mining cryptocurrencies to access servers. To perform a DDoS attack, attackers must mine cryptocurrency as a proof-of-work (PoW), and the victims then obtain a solution to the PoW. Thus, relative to attackers, the attack cost increases, and, in terms of victims, the economic damage is compensated by the value of the mined coins. On the basis of this model, we evaluate attacker strategies in a game theory manner and demonstrate that the proposed solution provides only negative economic benefits to attackers. Moreover, we implement a prototype to evaluate performance, and we show that this prototype demonstrates practical performance.
- Publication
- IEICE TRANSACTIONS on Communications Vol.E103-B No.4 pp.389-404
- Publication Date
- 2020/04/01
- Publicized
- 2019/11/12
- Online ISSN
- 1745-1345
- DOI
- 10.1587/transcom.2019NRP0001
- Type of Manuscript
- Special Section PAPER (Special Section on Network Resource Control and Management Technologies for Sustainable Social Information Infrastructure)
- Category
Authors
Takayuki SASAKI
Yokohama National University
Carlos HERNANDEZ GAÑÁN
TU Delft
Katsunari YOSHIOKA
Yokohama National University
Michel VAN EETEN
TU Delft
Tsutomu MATSUMOTO
Yokohama National University
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Takayuki SASAKI, Carlos HERNANDEZ GAÑÁN, Katsunari YOSHIOKA, Michel VAN EETEN, Tsutomu MATSUMOTO, "Pay the Piper: DDoS Mitigation Technique to Deter Financially-Motivated Attackers" in IEICE TRANSACTIONS on Communications,
vol. E103-B, no. 4, pp. 389-404, April 2020, doi: 10.1587/transcom.2019NRP0001.
Abstract: Distributed Denial of Service attacks against the application layer (L7 DDoS) are among the most difficult attacks to defend against because they mimic normal user behavior. Some mitigation techniques against L7 DDoS, e.g., IP blacklisting and load balancing using a content delivery network, have been proposed; unfortunately, these are symptomatic treatments rather than fundamental solutions. In this paper, we propose a novel technique to disincentivize attackers from launching a DDoS attack by increasing attack costs. Assuming financially motivated attackers seeking to gain profit via DDoS attacks, their primary goal is to maximize revenue. On the basis of this assumption, we also propose a mitigation solution that requires mining cryptocurrencies to access servers. To perform a DDoS attack, attackers must mine cryptocurrency as a proof-of-work (PoW), and the victims then obtain a solution to the PoW. Thus, relative to attackers, the attack cost increases, and, in terms of victims, the economic damage is compensated by the value of the mined coins. On the basis of this model, we evaluate attacker strategies in a game theory manner and demonstrate that the proposed solution provides only negative economic benefits to attackers. Moreover, we implement a prototype to evaluate performance, and we show that this prototype demonstrates practical performance.
URL: https://global.ieice.org/en_transactions/communications/10.1587/transcom.2019NRP0001/_p
Copy
@ARTICLE{e103-b_4_389,
author={Takayuki SASAKI, Carlos HERNANDEZ GAÑÁN, Katsunari YOSHIOKA, Michel VAN EETEN, Tsutomu MATSUMOTO, },
journal={IEICE TRANSACTIONS on Communications},
title={Pay the Piper: DDoS Mitigation Technique to Deter Financially-Motivated Attackers},
year={2020},
volume={E103-B},
number={4},
pages={389-404},
abstract={Distributed Denial of Service attacks against the application layer (L7 DDoS) are among the most difficult attacks to defend against because they mimic normal user behavior. Some mitigation techniques against L7 DDoS, e.g., IP blacklisting and load balancing using a content delivery network, have been proposed; unfortunately, these are symptomatic treatments rather than fundamental solutions. In this paper, we propose a novel technique to disincentivize attackers from launching a DDoS attack by increasing attack costs. Assuming financially motivated attackers seeking to gain profit via DDoS attacks, their primary goal is to maximize revenue. On the basis of this assumption, we also propose a mitigation solution that requires mining cryptocurrencies to access servers. To perform a DDoS attack, attackers must mine cryptocurrency as a proof-of-work (PoW), and the victims then obtain a solution to the PoW. Thus, relative to attackers, the attack cost increases, and, in terms of victims, the economic damage is compensated by the value of the mined coins. On the basis of this model, we evaluate attacker strategies in a game theory manner and demonstrate that the proposed solution provides only negative economic benefits to attackers. Moreover, we implement a prototype to evaluate performance, and we show that this prototype demonstrates practical performance.},
keywords={},
doi={10.1587/transcom.2019NRP0001},
ISSN={1745-1345},
month={April},}
Copy
TY - JOUR
TI - Pay the Piper: DDoS Mitigation Technique to Deter Financially-Motivated Attackers
T2 - IEICE TRANSACTIONS on Communications
SP - 389
EP - 404
AU - Takayuki SASAKI
AU - Carlos HERNANDEZ GAÑÁN
AU - Katsunari YOSHIOKA
AU - Michel VAN EETEN
AU - Tsutomu MATSUMOTO
PY - 2020
DO - 10.1587/transcom.2019NRP0001
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E103-B
IS - 4
JA - IEICE TRANSACTIONS on Communications
Y1 - April 2020
AB - Distributed Denial of Service attacks against the application layer (L7 DDoS) are among the most difficult attacks to defend against because they mimic normal user behavior. Some mitigation techniques against L7 DDoS, e.g., IP blacklisting and load balancing using a content delivery network, have been proposed; unfortunately, these are symptomatic treatments rather than fundamental solutions. In this paper, we propose a novel technique to disincentivize attackers from launching a DDoS attack by increasing attack costs. Assuming financially motivated attackers seeking to gain profit via DDoS attacks, their primary goal is to maximize revenue. On the basis of this assumption, we also propose a mitigation solution that requires mining cryptocurrencies to access servers. To perform a DDoS attack, attackers must mine cryptocurrency as a proof-of-work (PoW), and the victims then obtain a solution to the PoW. Thus, relative to attackers, the attack cost increases, and, in terms of victims, the economic damage is compensated by the value of the mined coins. On the basis of this model, we evaluate attacker strategies in a game theory manner and demonstrate that the proposed solution provides only negative economic benefits to attackers. Moreover, we implement a prototype to evaluate performance, and we show that this prototype demonstrates practical performance.
ER -
English
