A puzzle-based defense strategy against flooding attacks using game theory

IEEE Transactions on Dependable and Secure Computing

Volumn 7, Issue 1, 2010, Pages 5-19

  Fallah, Mehran S ^a  

^a AMIRKABIR UNIVERSITY OF TECHNOLOGY   (Iran)

Author keywords

Availability; Client puzzle approach; Flooding DoS attack; Game theory; Reliability; Serviceability

Indexed keywords

AVAILABILITY; DENIAL-OF-SERVICE ATTACK; FLOODS; NETWORK SECURITY; RELIABILITY; RELIABILITY THEORY;

ATTACKS IN NETWORKS; CLIENT PUZZLES; DEFENSE MECHANISM; DENIAL OF SERVICE; DISTRIBUTED ATTACK; NUMBER OF SOURCES; SERVICEABILITY; SOLUTION CONCEPTS;

GAME THEORY;

EID: 76949106169     PISSN: 15455971     EISSN: None     Source Type: Journal    
DOI: 10.1109/TDSC.2008.13     Document Type: Article

References (36)

1. D. Moore, C. Shannon, D.J. Brown, G.M. Voelker, and S. Savage, "Inferring Internet Denial-of-Service Activity," ACM Trans. Computer Systems, vol.24, no.2, pp. 115-139, May 2006.
2. A. Hussain, J. Heidemann, and C. Papadopoulos, "A Framework for Classifying Denial of Service Attacks," Proc. ACM SIGCOMM '03, pp. 99-110, 2003.
3. A.R. Sharafat and M.S. Fallah, "A Framework for the Analysis of Denial of Service Attacks," The Computer J., vol.47, no.2, pp. 179-192, Mar. 2004.
4. C.L. Schuba, I.V. Krsul, M.G. Kuhn, E.H. Spafford, A. Sundaram, and D. Zamboni, "Analysis of a Denial of Service Attack on TCP," Proc. 18th IEEE Symp. Security and Privacy, pp. 208-223, 1997.
5. Smurf IP Denial-of-Service Attacks. CERT Coordination Center, Carnegie Mellon Univ., 1998.
6. Denial-of-Service Tools. CERT Coordination Center, Carnegie Mellon Univ., 1999.
7. Denial-of-Service Attack via Ping. CERT Coordination Center, Carnegie Mellon Univ., 1996.
8. IP Denial-of-Service Attacks. CERT Coordination Center, Carnegie Mellon Univ., 1997.
9. J. Mirkovic and P. Reiher, "A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms," ACM SIGCOMM Computer Communication Rev., vol.34, no.2, pp. 39-53, Apr. 2004.
10. J. Ioannidis and S. Bellovin, "Implementing Pushback: Router-Based Defense Against DDoS Attacks," Proc. Network and Distributed System Security Symp. (NDSS '02), pp. 6-8, 2002.
11. S. Savage, D. Wetherall, A. Karlin, and T. Anderson, "Practical Network Support for IP Traceback," Proc. ACM SIGCOMM '00, pp. 295-306, 2000.
12. D. Song and A. Perrig, "Advanced and Authenticated Marking Schemes for IP Traceback," Proc. IEEE INFOCOM '01, pp. 878-886, 2001.
13. A. Yaar, A. Perrig, and D. Song, "PI: A Path Identification Mechanism to Defend Against DDoS Attacks," Proc. IEEE Symp. Security and Privacy, pp. 93-109, 2003.
14. D. Dean, M. Franklin, and A. Stubblefield, "An Algebraic Approach to IP Traceback," ACM. Trans. Information and System Security, vol.5, no.2, pp. 119-137, May 2002.
15. A.C. Snoeren, C. Partridge, L.A. Sanchez, C.E. Jones, F. Tchakountio, S.T. Kent, and T. Strayer, "Hash-Based IP Traceback," Proc. ACM SIGCOMM '01, pp. 3-14, 2001.
16. A. Yaar, D. Song, and A. Perrig, "SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks," Proc. IEEE Symp. Security and Privacy, pp. 130-146, 2004.
17. J. Mirkovic and P. Reiher, "D-WARD: A Source-End Defense Against Flooding Denial-of-Service Attacks," IEEE Trans. Dependable and Secure Computing, vol.2, no.3, pp. 216-232, July/Sept. 2005.
18. P. Ferguson and D. Senie, Network Ingress Filtering: Defeating Denial of Service Attacks which Employ IP Source Address Spoofing, RFC 2267, Jan. 1998.
19. C. Meadows, "A Cost-Based Framework for Analysis of Denial of Service in Networks," J. Computer Security, vol.9, nos. 1-2, pp. 143-164, Jan. 2001.
20. J. Leiwo and Y. Zheng, "A Method to Implement a Denial of Service Protection Base," Proc. Australian Conf. Information Security and Privacy, pp. 90-101, 1997.
21. J. Leiwo, P. Nikander, and T. Aura, "Towards Network Denial of Service Resistant Protocols," Proc. 15th Int'l Information Security Conf., pp. 301-310, 2000.
22. A. Jules and J. Brainard, "Client-Puzzles: A Cryptographic Defense Against Connection Depletion," Proc. Network and Distributed System Security Symp. (NDSS '99), pp. 151-165, 1999.
23. D. Dean and A. Stubblefield, "Using Client Puzzles to Protect TLS," Proc. 10th Ann. Usenix Security Symp., pp. 1-8, 2001.
24. W. Feng, "The Case for TCP/IP Puzzles," Proc. ACM SIGCOMM Workshop Future Directions in Network Architecture, pp. 322-327, 2003.
25. T. Aura, P. Nikander, and J. Leiwo, "DoS-Resistant Authentication with Client Puzzles," Proc. Eighth Security Protocols Workshop, pp. 170-178, 2000.
26. B. Waters, A. Jules, J. Halderman, and E. Felten, "New Client Puzzle Outsourcing Techniques for DoS Resistance," Proc. ACM Conf. Computer and Comm. Security, pp. 246-256, 2004.
27. W. Feng, E. Kaiser, W. Feng, and A. Luu, "The Design and Implementation of Network Puzzles," Proc. 24th Ann. Joint Conf. IEEE Computer and Comm. Societies, pp. 2372-2382, 2005.
28. X. Wang and M. Reiter, "Defending Against Denial-of-Service Attacks with Puzzle Auctions," Proc. IEEE Security and Privacy, pp. 78-92, 2003.
29. B. Bencsath, I. Vajda, and L. Buttyan, "A Game Based Analysis of the Client Puzzle Approach to Defend Against DoS Attacks," Proc. 11th Int'l Conf. Software, Telecomm., and Computer Networks, pp. 763-767, 2003.
30. A. Mahimkar and V. Shmatikov, "Game-Based Analysis of Denialof-Service Prevention Protocols," Proc. 18th Computer Security Foundations Workshop, pp. 287-301, 2005.
31. H. Gintis, Game Theory Evolving: A Problem-Centered Introduction to Modeling and Strategic Behavior. Princeton Univ. Press, pp. 129-130, 2000.
32. D. Fudenberg and E. Maskin, "The Folk Theorem for Repeated Games with Discounting and Incomplete Information," Econometrica, vol.54, no.3, pp. 533-554, May 1986.
33. M. Abadi, M. Burrows, M. Manasse, and T. Wobber, "Moderately Hard, Memory-Bound Functions," Proc. Network and Distributed System Security Symp. (NDSS '03), pp. 25-39, 2003.
34. F. Forges, "Note on Nash Equilibria in Infinitely Repeated Games with Incomplete Information," Int'l J. Game Theory, vol.13, no.3, pp. 179-187, Sept. 1984.
35. S. Hart, "Nonzerosum Two-Person Repeated Games with Incomplete Information," Math. of Operations Research, vol.10, no.1, pp. 117-153, Feb. 1985.
36. F. Forges, "Repeated Games of Incomplete Information: Non-Zero Sum," Handbook of Game Theory, R. Aumann and S. Hart, eds., vol.1, pp. 155-177, Elsevier Science, 1992.