How well can congestion pricing neutralize denial of service attacks?

By , ,

Full Text:
http://doi.acm.org/10.1145/2254756.2254775

Abstract

Denial of service protection mechanisms usually require classifying malicious traffic, which can be difficult. Another approach is to price scarce resources. However, while congestion pricing has been suggested as a way to combat DoS attacks, it has not been shown quantitatively how much damage a malicious player could cause to the utility of benign participants. In this paper, we quantify the protection that congestion pricing affords against DoS attacks, even for powerful attackers that can control their packets' routes. Specifically, we model the limits on the resources available to the attackers in three different ways and, in each case, quantify the maximum amount of damage they can cause as a function of their resource bounds. In addition, we show that congestion pricing is provably superior to fair queueing in attack resilience.

BibTeX

@inproceedings{conf/sigmetrics/VulimiriAGL12,
author = "Vulimiri, Ashish and Agha, Gul A. and Godfrey, Philip
Brighten and Lakshminarayanan, Karthik",
editor = "Harrison, Peter G. and Arlitt, Martin F. and Casale,
Giuliano",
title = "How well can congestion pricing neutralize denial of
service attacks?",
booktitle = "SIGMETRICS",
crossref = "conf/sigmetrics/2012",
ee = "http://doi.acm.org/10.1145/2254756.2254775",
keywords = "dependable systems",
pages = "137-150",
year = "2012",
}

@proceedings{conf/sigmetrics/2012,
editor = "Harrison, Peter G. and Arlitt, Martin F. and Casale,
Giuliano",
title = "ACM SIGMETRICS/PERFORMANCE Joint International Conference
on Measurement and Modeling of Computer Systems, SIGMETRICS
'12, London, United Kingdom, June 11-15, 2012",
ee = "http://dl.acm.org/citation.cfm?id=2254756",
isbn = "978-1-4503-1097-0",
publisher = "ACM",
year = "2012",
}