Title :
A distributed client-puzzle mechanism to mitigate bandwidth attacks
Author :
Alimadadi, Mazdak ; Fallah, Mehran S.
Author_Institution :
Dept. of Comput. Eng. & Inf. Technol., Amirkabir Univ. of Technol., Tehran, Iran
Abstract :
The use of client puzzles has been recognized as a preventive defense against resource exhaustion attacks. Its original schemes, however, cannot be used against bandwidth attacks. To resolve this, some defense mechanisms have recently been proposed in which the puzzles are created and the answers are evaluated by the routers distributed over the network. Although interesting, these mechanisms are of high complexity and their success relies on high cooperation from core routers, which is not possible in the near future. In this paper, we propose a novel distributed puzzle-based defense mechanism against bandwidth attacks. Unlike the earlier solutions, it only requires cooperation from the routers within a single autonomous system. To attain such cooperation, we suggest the use of incentive mechanisms with money. We also employ game theory to decide on appropriate payments to cooperating routers as well as to adjust the difficulty level of the puzzles. Simulation results show that our mechanism is effective in mitigating bandwidth attacks.
Keywords :
client-server systems; computer network security; game theory; telecommunication network routing; autonomous system; bandwidth attack mitigation; core router; distributed client-puzzle mechanism; distributed puzzle-based defense mechanism; game theory; incentive mechanism; preventive defense; resource exhaustion attacks; Bandwidth; Barium; Cost accounting; Game theory; Monitoring; Pattern matching; Servers; Bandwidth attacks; client puzzles; denial of service; game theory;
Conference_Title :
Network and System Security (NSS), 2011 5th International Conference on
Conference_Location :
Milan
Print_ISBN :
978-1-4577-0458-1
DOI :
10.1109/ICNSS.2011.6059994