Abstract
Distributed Denial-of-Service (DDoS) attacks are by design highly decentralized and therefore hard to defend against. By utilizing a decentralized, multi-domain, cooperative defense mechanism, it is possible to combine software and hardware capabilities to effortlessly mitigate large scale attacks. Cooperative defense systems face many challenges, such as deployment complexity due to high coordination overhead, reliance on trusted and stable channels for communication and the need for effective incentives to bolster cooperation among all involved parties. In particular, incentives are the key to ensure successful deployment of a "Mitigation-as-a-Service (MaaS)" for cooperative defense systems. This paper discusses the critical issue of providing a proof of the effectiveness of a cooperative defense mitigation, considering four state-of-the-art solutions toward an independently verifiable proof of mitigation. A qualitative analysis of these approaches across 9 dimensions shows that none satisfy all requirements due to the inherent trade-offs between practicability and security. As a result, it is identified that the issue of authenticating the underlying network flows remains unsolved.
Mannhart, Stephan