A game theoretic defending model with puzzle controller for distributed DoS attack prevention

Distributed denial-of-service (DDoS) attacks are hard to prevent because attackers can use the authentic IP addresses of zombies to hide the source of the attacks and to increase their computational ability. In this paper, a game-theoretic defending model with a puzzle controller against this kind of attack is proposed. Malicious attackers can be distinguished from legitimate clients because the puzzle controller dramatically consumes their computational ability. The proper puzzle difficulty for filtering out attackers is also deduced, to give guidance to clients and servers. The relationships between certain variables are investigated further.
