A Smarter Marketplace for Internet Defence: FIRE Project Combats DDoS Attacks with Economic Innovation
The internet’s distributed design enables resilience but also exposes it to the risk of DDoS attacks. FIRE introduces a market-based approach for stakeholders to coordinate defenses across a siloed system.
The internet is often described as a “network of networks”, but this global web of interconnected systems is far from unified. Behind the seamless experience that users enjoy lies a fragmented reality: autonomous systems, or ASes, operated by telecom providers, universities, corporations, and governments. Each comes with their own rules, commercial terms, and priorities. While this distributed architecture underpins the internet’s resilience, it also leaves the door wide open to one of its most common threats: Distributed Denial of Service (DDoS) attacks.
Future Internet Resilience Economics (FIRE), a project under the Campus for Research Excellence and Technological Enterprise (CREATE) in Singapore (completed in September 2024), takes a bold approach to tackle this problem. Co-led by the Singapore-ETH Centre (SEC) and the Illinois Advanced Research Centre in Singapore (IARCS), FIRE pioneers a novel, market-based mechanism that allows internet stakeholders to coordinate DDoS defence strategies across otherwise siloed systems.
A Market Failure in Cyber Defence
DDoS attacks are a cornerstone of cybercrime. In such an attack, a criminal uses a network of hijacked devices to flood a target server or service with an overwhelming volume of internet traffic, rendering it inaccessible to legitimate users. These hijacked devices (also known as botnet) refer to internet-connected devices such as computers and smartphones. These attacks are widely available for hire on the dark web and are often disguised as “stress tests” to bypass legal scrutiny.
The dark web is a hidden, non-indexed part of the internet that can only be accessed by special platforms that allow for anonymous communication and are commonly used for illicit activities due to the lack of legal jurisdiction.The consequences for platforms, companies and institutions who fall victim to such attacks, which range from e-commerce platforms and financial institutions to hospitals and government services, can be immediate and severe.This includes lost revenue, reputational damage, and even threats to public safety.
While DDoS attacks have become increasingly sophisticated, the same cannot be said for its defence. Currently, there is an absence of a large, coordinated body and no economic incentives to implement standardised mechanisms for different network operators to work together to stop an attack before it hits, beyond bilateral collaboration.
A New Economy of Trust
While attackers benefit from efficient and well-organised markets, defenders remain fragmented and under-coordinated. This structural imbalance leaves network operators with limited tools and incentives to act collectively against
threats. The FIRE project set out to change that by introducing a market-based mechanism to enable more effective, collaborative cyber defence.
At the heart of the FIRE’s platform is a powerful decision-making algorithm that incorporates resilience thresholds and threat intelligence to determine the most effective filtering strategy.
FIRE’s approach centres on commoditising DDoS defence resources and enabling their trade across a blockchain-based marketplace. A blockchain-based marketplace is a distributed infrastructure made up of nodes that maintain a decentralised, transparent, and immutable record of data and transactions. Each node stores a full or partial copy of the blockchain, which together constitutes a shared digital ledger of all transactions. It also supports the execution of programmes, known as smart contracts, enabling automated and trustless interactions between participants.
Using FIRE’s model, network operators can offer filtering capacity at their border routers, which refers to the critical points where external traffic enters their networks, as standardised, tradable resources. These can then be bought by potential victims before or during an attack.
FIRE supports both reactive and preventive procurement of resources: it enables organisations to estimate risk and identify likely attack vectors in advance, while also ensuring that reactive responses, though potentially more costly, are deterministic when attacks occur. In both reactive and proactive
scenarios , FIRE makes it possible to assemble tailored, distributed defenses across the very network pathways used by attackers.
For example, an e-commerce company anticipating a surge in traffic during a flash sale might proactively purchase additional filter resources to safeguard service availability. Alternatively, if a DDoS attack is already in progress, the company can quickly acquire just-in-time defence through FIRE’s platform.
Real-Time Intelligence Meets Strategic Economics
Not all network paths carry the same weight: some are more central to global traffic flows and therefore more strategically important for defende. By assigning prices to these filter resources, the FIRE marketplace does more than enable trade. It provides real-time risk information. Higher prices signal greater strategic value or an elevated risk of attack, creating a self-regulating ecosystem where supply and demand reflect the dynamic threat landscape.
This has clear implications for critical sectors like finance, healthcare, sovereign cloud storage, gaming, media, and enterprise IT, where service continuity is paramount. For network operators, it opens up a new revenue stream by monetising otherwise idle capacity. For end-hosts, such as payment processors to public agencies, it offers a practical, distributed, and customisable defense solution.
Toward a More Resilient Internet
FIRE’s innovation lies not just in technology, but in its economic reframing of cybersecurity. By treating defense as a tradable commodity and aligning incentives across autonomous stakeholders, the project laid the groundwork for a more cooperative and resilient future internet landscape.
“ Defending against DDoS attacks is not just a technical issue - it’s a coordination problem. FIRE shows that markets, when designed carefully, can be a powerful tool for solving these kinds of distributed challenges. ”Felix Kottmann
The project concluded in September 2024, but its vision for a smarter, more strategic internet defence continues to gain traction among researchers, internet service providers, and governments alike. Building on this momentum, the team is now working with industry partners to explore spinoff opportunities and commercialise the platform, aiming to translate FIRE’s research into a real-world product.
As global cyber threats grow in complexity and scale, initiatives like FIRE offer a timely reminder that resilience can be engineered –not just through code, but through collaboration.