
Defending DoS Attacks Using a Puzzle-Based Approach and Tracing Back to the Attacker

Anup Mathew Abraham, Shweta Vincent

Abstract


In today's world, Denial-of-Service (DoS) attacks have a huge impact on network security. DoS attacks are usually launched to make the service of a system unavailable to the people who are authorized to use it. Several methods for defending against DoS attacks have been introduced earlier. In this paper we propose a client-puzzle mechanism to defend against DoS attacks. Intermediate routers can be used for issuing and solving network puzzles of various difficulty levels, depending on the intensity of the attack. The target server is protected by an intermediate firewall router that issues the puzzles, which reduces the load on the server. Likewise, intermediate proxy routers can be used for solving the puzzles. However, this proxy can itself become a target of attack. This problem can be overcome by using a hybrid traceback mechanism for the attacking client. This technique helps to identify the attacking node and the router through which the attack packet was forwarded.
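The following sketch is an added example, not code from the paper: it shows how a firewall router could issue and verify puzzles whose difficulty rises with attack intensity without keeping per-client state. The hash-based puzzle construction, the rate thresholds and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

SECRET = os.urandom(32)  # issuer-side key (constructed for this example)

def difficulty_for(rate_per_sec):
    """Map observed request rate to required leading zero bits (assumed thresholds)."""
    for limit, bits in ((100, 0), (1000, 8), (10000, 12)):
        if rate_per_sec < limit:
            return bits
    return 16

def _tag(client_ip, ts, bits):
    # Binds the puzzle to the client, issue time and difficulty, so the
    # issuer can verify a solution later without storing the puzzle.
    msg = f"{client_ip}|{ts}|{bits}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def _zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def _work(tag, nonce):
    return _zero_bits(hashlib.sha256(f"{tag}{nonce}".encode()).digest())

def issue(client_ip, rate_per_sec, now=None):
    """Firewall-router side: one HMAC per request, no state kept."""
    ts = int(time.time() if now is None else now)
    bits = difficulty_for(rate_per_sec)
    return {"ts": ts, "bits": bits, "tag": _tag(client_ip, ts, bits)}

def solve(puzzle):
    """Solving side (client or proxy): brute-force search, ~2**bits hashes."""
    nonce = 0
    while _work(puzzle["tag"], nonce) < puzzle["bits"]:
        nonce += 1
    return nonce

def verify(client_ip, puzzle, nonce, now=None, max_age=30):
    """Firewall-router side: one HMAC and one hash, regardless of difficulty."""
    now = int(time.time() if now is None else now)
    if not 0 <= now - puzzle["ts"] <= max_age:
        return False  # stale or future-dated puzzle
    expected = _tag(client_ip, puzzle["ts"], puzzle["bits"])
    if not hmac.compare_digest(expected, puzzle["tag"]):
        return False  # puzzle forged, or difficulty/IP altered by the client
    return _work(puzzle["tag"], nonce) >= puzzle["bits"]
```

A solution stays valid for the whole freshness window, so a deployment would also need a short-lived cache of accepted solutions to reject replays.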

Keywords


Client-Puzzle approach, Flooding DoS attack, Game Theory, Nash Equilibrium, Trace-Back.





Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.