Distributed Defence of Service (DiDoS): A Network-layer Reputation-based DDoS Mitigation Architecture
Abstract: The predominant strategy for DDoS mitigation involves resource enlargement so that victim services can handle larger demands; however, with growing attack strengths, this approach alone is unsustainable. This paper proposes DiDoS (Distributed Defence of Service), a collaborative DDoS defence architecture that leverages victim feedback to build network-level sender reputations that are applied to identify and thwart attack traffic – thus alleviating the need for resource enlargement. Since attack traffic is dropped at points of contention in the Internet (rather than rote blocking at source), DiDoS reduces the impact of false positives and enables the traversal of legitimate traffic from said devices across the Internet. Through anti-spoofing protection and preferential treatment of DiDoS-compliant devices, DiDoS offers adoption incentives that help offset the Tragedy of the Commons effect of DDoS mitigation, which commonly sees non-victim intermediary entities benefit little from DDo
External IDs: dblp:conf/icissp/OtungM20