DOI: 10.1145/2254756.2254775
research-article

How well can congestion pricing neutralize denial of service attacks?

Published: 11 June 2012

Abstract

Denial of service protection mechanisms usually require classifying malicious traffic, which can be difficult. Another approach is to price scarce resources. However, while congestion pricing has been suggested as a way to combat DoS attacks, it has not been shown quantitatively how much damage a malicious player could cause to the utility of benign participants. In this paper, we quantify the protection that congestion pricing affords against DoS attacks, even for powerful attackers that can control their packets' routes. Specifically, we model the limits on the resources available to the attackers in three different ways and, in each case, quantify the maximum amount of damage they can cause as a function of their resource bounds. In addition, we show that congestion pricing is provably superior to fair queueing in attack resilience.

    Published In

    SIGMETRICS '12: Proceedings of the 12th ACM SIGMETRICS/PERFORMANCE joint international conference on Measurement and Modeling of Computer Systems
    June 2012
    450 pages
    ISBN:9781450310970
    DOI:10.1145/2254756
    • ACM SIGMETRICS Performance Evaluation Review, Volume 40, Issue 1
      June 2012
      433 pages
      ISSN:0163-5999
      DOI:10.1145/2318857

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. DoS
    2. congestion pricing
    3. denial of service
    4. security

    Qualifiers

    • Research-article

    Conference

    SIGMETRICS '12
    Acceptance Rates

    Overall Acceptance Rate 459 of 2,691 submissions, 17%

    Cited By

    • (2021) Coalition formation resource sharing games in networks. Performance Evaluation, 152 (102239). DOI: 10.1016/j.peva.2021.102239. Online publication date: Dec-2021
    • (2019) On The Robustness of Price-Anticipating Kelly Mechanism. IEEE/ACM Transactions on Networking (TON), 27:4 (1558-1571). DOI: 10.1109/TNET.2019.2926304. Online publication date: 1-Aug-2019
    • (2019) To Participate or Not in a Coalition in Adversarial Games. Computational Intelligence and Intelligent Systems (125-144). DOI: 10.1007/978-3-030-10880-9_8. Online publication date: 8-Feb-2019
    • (2015) Game Theoretic Stimulation Mechanisms. Anti-Jamming Transmissions in Cognitive Radio Networks (47-58). DOI: 10.1007/978-3-319-24292-7_5. Online publication date: 8-Nov-2015
    • (2014) On the Network Sharing of Mixed Network Coding and Routing Data Flows in Congestion Networks. IEEE Transactions on Vehicular Technology, 63:5 (2420-2428). DOI: 10.1109/TVT.2013.2291859. Online publication date: Jun-2014
    • (2013) STRIDE. Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security (415-426). DOI: 10.1145/2484313.2484367. Online publication date: 8-May-2013
    • (2014) Defense against SYN flooding attacks. Computers and Electrical Engineering, 40:6. DOI: 10.5555/2668455.2729327. Online publication date: 1-Aug-2014
    • (2014) Defense against SYN flooding attacks: A particle swarm optimization approach. Computers & Electrical Engineering, 40:6 (2013-2025). DOI: 10.1016/j.compeleceng.2014.05.012. Online publication date: Aug-2014
