Distributed Defence of Service (DiDoS): A Network-layer Reputation-based DDoS Mitigation Architecture

Andikan Otung, Andrew Martin

Abstract

The predominant strategy for DDoS mitigation involves resource enlargement so that victim services can handle larger demands; however, with growing attack strengths, this approach alone is unsustainable. This paper proposes DiDoS (Distributed Defence of Service), a collaborative DDoS defence architecture that leverages victim feedback to build network-level sender reputations that are applied to identify and thwart attack traffic – thus alleviating the need for resource enlargement. Since attack traffic is dropped at points of contention in the Internet (rather than by rote blocking at source), DiDoS reduces the impact of false positives and enables the traversal of legitimate traffic from said devices across the Internet. Through anti-spoofing protection and preferential treatment of DiDoS-compliant devices, DiDoS offers adoption incentives that help offset the Tragedy of the Commons effect of DDoS mitigation, which commonly sees non-victim intermediary entities benefit little from DDoS defence expenditure. In this paper, the tenets and fundamentals of the architecture are described, before being analysed against the presented threat model. Simulation results demonstrating the effectiveness of the scheme's reputation convergence, in the use case of a local access network, are also presented and discussed.



Paper Citation


in Harvard Style

Otung A. and Martin A. (2020). Distributed Defence of Service (DiDoS): A Network-layer Reputation-based DDoS Mitigation Architecture. In Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-399-5, pages 619-630. DOI: 10.5220/0009091206190630


in Bibtex Style

@conference{icissp20,
author={Andikan Otung and Andrew Martin},
title={Distributed Defence of Service (DiDoS): A Network-layer Reputation-based DDoS Mitigation Architecture},
booktitle={Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2020},
pages={619-630},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0009091206190630},
isbn={978-989-758-399-5},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Distributed Defence of Service (DiDoS): A Network-layer Reputation-based DDoS Mitigation Architecture
SN - 978-989-758-399-5
AU - Otung A.
AU - Martin A.
PY - 2020
SP - 619
EP - 630
DO - 10.5220/0009091206190630