An Economic Incentive-Based Risk Transfer Approach for Defending Against DDoS Attacks

Abstract

Volumetric DDoS attacks are continued to be an immense threat to e-commerce and other online businesses from the last decade as attackers have much resources to amplify scale and frequency day by day. Despite significant efforts by research community and security professionals, we are lacking a robust solution against DDoS attacks. Generally, the attacker's investment in sending large amount of traffic to paralyze a system is negligible as compared to the loss they caused to an organization. Therefore, in this article, a risk transfer approach, a combination of techno-economic aspects is proposed where the risk of being attacked is transferred to some cooperating ISPs in return for economic incentives. In the proposed approach, user's attention, cash, other network and computational resources are contemplated as valuable resources. User must have consent from server in the form of “Sending Rights” which can be obtained by solving cryptographic puzzle (computational work) or by purchasing through micropayment or combination of both according to traffic load level. Our proposed solution is implemented on PN2sim simulator and then verified on SPIN model checker. Implementation results show the supremacy of our proposed approach.