Bankrupting DoS Attackers

TL;DR

This paper proposes pricing algorithms for servers to deter denial-of-service attackers by making them pay more than honest clients, leveraging estimators to adapt prices based on observed job distributions.

Contribution

It introduces and analyzes new pricing algorithms that ensure attackers incur higher costs than honest clients, with provable guarantees based on estimator accuracy.

Findings

Pricing algorithms outperform attacker's cost growth

Algorithm's cost grows slower than attacker's with accurate estimators

Lower bounds show asymptotic tightness of the proposed algorithms

Abstract

Can we make a denial-of-service attacker pay more than the server and honest clients? Consider a model where a server sees a stream of jobs sent by either honest clients or an adversary. The server sets a price for servicing each job with the aid of an estimator, which provides approximate statistical information about the distribution of previously occurring good jobs. We describe and analyze pricing algorithms for the server under different models of synchrony, with total cost parameterized by the accuracy of the estimator. Given a reasonably accurate estimator, the algorithm's cost provably grows more slowly than the attacker's cost, as the attacker's cost grows large. Additionally, we prove a lower bound, showing that our pricing algorithm yields asymptotically tight results when the estimator is accurate within constant factors.