Protecting electronic commerce from distributed denial-of-service attacks

José Brustoloni
2002 Proceedings of the eleventh international conference on World Wide Web - WWW '02  
It is widely recognized that distributed denial-of-service (DDoS) attacks can disrupt electronic commerce and cause large revenue losses. However, effective defenses continue to be mostly unavailable. We describe and evaluate VIPnet, a novel value-added network service for protecting e-commerce and other transaction-based sites from DDoS attacks. In VIPnet, e-merchants pay Internet Service Providers (ISPs) to carry the packets of the e-merchants' best clients (called VIPs) in a privileged class
more » ... of service (CoS), protected from congestion, whether malicious or not, in the regular CoS. VIPnet rewards VIPs with not only better quality of service, but also greater availability. Because VIP rights are clientand server-specific, cannot be forged, are usage-limited, and are only replenished after successful client transactions (e.g., purchases), it is impractical for attackers to mount and sustain DDoS attacks against an e-merchant's VIPs. VIPnet can be deployed incrementally and does not require universal adoption. Experiments demonstrate VIPnet's benefits.
doi:10.1145/511515.511518 fatcat:rwnp3nky5bdo5amxff6talxf6i