Revisiting Client Puzzles for State Exhaustion Attacks Resilience
Author: | Ahmed Fawaz, Mohammad A. Noureddine, Cody Guldner, Amanda Hsu, Tamer Basar, William H. Sanders, Sameer Vijay |
---|---|
Year of publication: | 2019 |
Subject: | Boosting (machine learning); Handshake; Computer science; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; Testbed; MathematicsofComputing_GENERAL; Denial-of-service attack; Limiting; Computer security; computer.software_genre; Proof-of-work system; Stackelberg competition; Equilibrium solution; computer |
Source: | DSN |
DOI: | 10.1109/dsn.2019.00067 |
Description: | In this paper, we address the challenges facing the adoption of client puzzles as a means to protect the TCP connection establishment channel from state exhaustion DDoS attacks. We model the problem of selecting the puzzle difficulties as a Stackelberg game with the server as the leader and the clients as the followers and obtain the equilibrium solution for the puzzle difficulty. We then present an implementation of client puzzles inside the TCP stack of the Linux 4.13.0 kernel. We evaluate the performance of our implementation and the obtained solution against a range of attacks through reproducible experiments on the DETER testbed. Our results show that client puzzles are effective at boosting the tolerance of the TCP handshake channel to state exhaustion DDoS attacks by rate limiting malicious attackers while allocating resources for legitimate clients. |
Database: | OpenAIRE |