Economic Incentives for Providing Distributed

1
Economic Incentives for Providing Distributed
Denial of Service Defenses
CASOS
Project Investigators Kathleen M. Carley
ISRI/CASOS, Primary Investigator Li-Chiou Chen
ISRI/CASOS, Post Doctoral Research Fellow
The provision of DDOS defenses
Benefit-cost ratio increases with the packet rate
of the attack for various filter locations
Source filtering is more beneficial when the
packet rate of attacks is large
DDOS defenses by providers Current practice
manually trace and filter attacks hop by
hop Active defenses automatically detect and
filter attacks Problems Technical not clear how
performance efficiency changes with the attacks
and the network environment Economic not clear
about the incentives Purpose Utilize an
analytical framework to investigate the economic
incentives for network providers to deploy
defenses at their networks by using empirical
data and attack simulations
Source filtering is more beneficial for capacity
constrained network
Differential pricing based on expected loss is
more beneficial across all packet rates
Source filtering and destination filtering
Conclusions
Benefit cost ratio
When there is a single provider for DDOS
defenses Provide the defense in differential
pricing based on expected loss Provide source
filtering if an expected loss is imposed on
attack sources When there are multiple providers
for DDOS defenses Provide source filtering for
high packet rate attacks (gt150pps, TCP SYN),
single source attacks, a network that is capacity
constrained (Cw/Crgt0.1) and loosely connected
with longer avg path Provide destination
filtering for low packet rate attacks,
distributed source attacks, a network that is
computational constrained (Cw/Crlt0.1)and is
densely connected with shorter avg path Set the
filter location closer to attack sources
(gt150pps, TCP SYN)