ICONS 2012, The Seventh International Conference on Systems
New Approach to Mitigating Distributed Service Flooding Attacks
Authors:
Mehmud Abliz
Taieb Znati
Keywords: denial of service; availability; tour puzzles; proof of work; client puzzles; cryptography.
Abstract:
Distributed denial of service (DDoS) attacks pose a great threat to the Internet and its public services. Various computation-based cryptographic puzzle schemes have been proposed to mitigate DDoS attacks when detection is hard or has low accuracy. Yet existing puzzle schemes have shortcomings that limit their effectiveness in practice. First, the effectiveness of computation-based puzzles decreases as the variation in the computational power of clients increases. Second, while mitigating the damage caused by malicious clients, the puzzle schemes also require benign clients to perform the same expensive computation, which doesn't contribute to any useful work from the clients' perspective. In this study, we introduce guided tour puzzles, a novel puzzle scheme that addresses these shortcomings. The guided tour puzzle scheme uses latency, as opposed to computational delay, as a way of forcing a sustainable request arrival rate on clients. We evaluate the DoS mitigation effectiveness of the scheme in a realistic simulation environment, and show that the guided tour puzzle scheme provides strong mitigation of request flooding DDoS and puzzle solving DDoS attacks.
Pages: 13 to 19
Copyright: Copyright (c) IARIA, 2012
Publication date: February 29, 2012
Published in: conference
ISSN: 2308-4243
ISBN: 978-1-61208-184-7
Location: Saint Gilles, Reunion
Dates: from February 29, 2012 to March 5, 2012