The Economic Incentives of Providing Network Security Services on the Internet Infrastructure

Distributed denial-of-service (DDOS) attacks have emerged as a prevalent way to compromise the availability of networks/servers, which imposed financial losses for e-commerce businesses. Many defenses that mitigate the effect of ongoing DDOS attacks have been proposed. However, none of the defenses have been widely deployed on the Internet infrastructure at this point because of a lack of understanding in the economic incentives inherent in providing the defenses as well as uncertainty in current defenses. We propose that ISPs should provide DDOS defenses as network services to ensure the availability of a network or a server when the technology is ready. This paper provides an analytical framework for the proposed service to align the economic incentives. Using empirical data from security incidents, this paper shows that the proposed service can bring economic benefits to providers with an appropriate pricing strategy, some investigation into the expected loss of subscribers, and knowledge on the overall risk level of attacks.