Article Preview
Top1. Introduction
There is no denying in the fact that DDoS attack is a prevalent serious threat to e-businesses raising the level of deterioration alarmingly. DDoS attack is a deliberate attempt by attackers to collapse an online service by astounding it with voluminous dummy requests sent by multiple bot machines (Mirkovic & Reiher, 2004; Chhabra, M., et al, 2013; Shidaganti, G, et. al, 2020 ). DDoS attack basically aims to force victim node to exhaust its resources while processing dummy data requests. Generally, DDoS attack is carried out in two ways; firstly by exploiting some vulnerability present in the current Internet infrastructure, secondly by sending voluminous data requests to make victim fall short of resources. Level of destruction from DDoS attack to a victim node can range from financial loss, infrastructural outages to reputation discredition. Only a few minutes of server downtime can hinder the productivity of an organization and may impose negative externalities on other parties.
Till now, DDoS attack of maximum scale 1.7 Tbps has been recorded in 2018 against Github which undoubtedly will increase manifold in upcoming years (Skottler, 2018). Figure 1, shows the continuous growth in scale for last 11 years. Attackers are continuously leveraging IoT (Internet of Things) for performing complex DDoS attacks as huge network of insecure and vulnerable devices is facilitating attackers to amplify scale of DDoS attacks. Along with IoT based botnet, there is a new trend of memcached attack in 2018. DDoS attack on Github was carried out using same method of memcached attack. The ransom driven DDoS attack in 2017 hit numerous systems, where ransom was sought from a user so that he could unlock his system that the attacker had locked down using the Wannacry virus. Further, in previous year 53% of DDoS attacks have targeted the encrypted services at application layer (Skottler, 2018). Figure 2 shows the protocols used for performing DDoS amplification attacks. From the statistics and facts, severity and complexity of DDoS attacks can be imagined which reached to a daunting level.
Moreover, risk assessment and management methodologies aim to provide techniques only for identifying and quantifying factors for DDoS mitigation and detection. DDoS attack is direct implication of unincentivized Internet structure and resource misalignment. Deploying a security system or investing in insurance policies does not insulate an organization from DDoS attack completely. Internet has a dependent architecture where actions of one entity ensure positive or negative externality on others. Major of the research work for DDoS attacks primarily meet the technical aspects of a defensive solution. These methods do not consider economic incentives formulation. We need to think different from conventional methods of DDoS defensive mechanisms. Therefore, the focus of the paper is to frame incentives for legitimate users and not to leave any motive for attackers to attack the victim network (Gupta, S., et. al, 2015; Kaushik, S., et. al, 2019; Gou, Z., et al, 2017).
In this paper, a VCG (Nisan & Ronen 2007) based auction mechanism for defending DDoS attacks has been proposed. VCG method is inherently incentive compatible where dominant strategy of every participating user is to bid his value truthfully. We have made attacker deprived of incentives by not allocating him resources. In case, if resources are allocated to him, then a high penalty in the form of payment is imposed on him.
Rest of the paper is arranged as follows: Section 2 has outlined some important work which has been done in this domain followed by proposed work in section 3. Next, in section 4 implementation of proposed model has been presented. Finally, section 5 concludes the paper.
Figure 1. Maximum recorded size of DDoS attack for last11 years (Source: Arbour Network Inc.)
Figure 2. Protocols used for performing DDoS attack (Source: Arbour Network Inc.)