Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. Vancha Maheshwar Reddy, B Sandhya Rani, J Vedika, Ch. Veera Reddy / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 3, Issue 1, January -February 2013, pp.751-757 Game Theory based Defense Strategy against Denial of Service Attack using Puzzles Vancha Maheshwar Reddy1, B Sandhya Rani2, J Vedika3, Ch. Veera Reddy4 (1,2,3 Assistant Professor, ACE Engineering College, Hyderabad) 4 ( Assistant Professor, SCIENT Institute of Technology, Hyderabad)ABSTRACT Security issues have become a major Flooding attacks examples are SYN flood, Smurf,issue in recent years due to the advancement of TFN2K which sends a large number of requests totechnology in networking and its use in a service provided by victim system. SYN flood usesdestructive way. A number of defense strategies resource starvation to achieve DoS attack [5]have been devised to overcome the flooding whereas Smurf attack uses bandwidth consumptionattack which is prominent in the networking to disable victim system’s network resources [6] andindustry due to which depletion of resources TFN2K attacks are launched using spoofed IPtakes place. But these mechanism are not addresses, making detecting the sources of thedesigned in an optimally and effectively and some attacks more difficult[7]. These requests reduce orof the issues have been unresolved. Hence in this use up some key resources of victim by largepaper we suggest a Game theory based strategy amount and so legitimate user’s requests for sameto create a series of defence mechanisms using resources are denied. Capacity of a buffer, CPUpuzzles. Here the concept of Nash equilibrium is time to process requests, available bandwidth of aused to handle sophisticated flooding attack to communication channel are some of the resources ofdefend distributed attacks from unknown a networked system[4]. The depleted resourcesnumber of sources revive when the flooding attack stops. Examples of Logical attack are Ping-of-Death, Teardrop .InGeneral Terms: Computer Networks and Security. logical attack, victim’s vulnerable software acceptsKeywords: Dos Attacks, Game Theory, Puzzles. and process a forged fatal message which leads to resource exhaustion. Flooding attack and Logical I. INTRODUCTION attack will act as memory eaters, bandwidth loggers, The pace with which the technology is or system crashers. Appropriate remedial actions areadvancing is amazing. With the advancement in to be adopted against logical attacks since effects oftechnology there has been a great advancement in attack remain even after attack, whereas it is not thenetworking too. Networking today has become case in flooding attacks. The contents of attackinevitable and is a part and parcel in various aspects message and legitimate message differ and byof our life. If we consider the present business and making distinction among them, logical attack canpolitical scenario, there has been a rat-race going on be thwarted, which is not possible in flooding attackwhich has made individuals not only upgrade their [4]. As such distinction is not possible in floodingown resources but also degrade their competitor’s attack; the defence becomes an arduous task againstresources by some malicious activities. Hence in flooding attacks. Here in this paper have solelyrecent years, security concerned issues has received focused on Flooding Attacks, There is no “magicalenormous attention in networked system because of panacea” for potential threats in computer security.availability of services. Networked systems are To defend a system in network there is only onevulnerable to DoS (Denial of Services) attack. A way that is to design and employ a number ofDenial-of-Service attack (Dos attack) is a type of protections or defence mechanisms that mitigates aattack on a network that is designed to bring specific threat. Large number of defenses againstnetwork to its knees by flooding it with useless flooding attack have been devised which may betraffic. In this area, most researches are based on reactive or preventive. Mechanisms such asdesigning and verifying various defense strategies pushback [8], traceback [9], or filtering [10] areagainst denial-of-service (DoS) attacks. A DoS reactive mechanisms which alleviate the impact ofattack characterizes a malicious behavior preventing flooding attack by detecting the attack on the victim,the legitimate users of a network from using the but they all have significant drawbacks that limitservices provided by that network. Flooding attacks their practical utility in the current scenario.and Logic attacks are the two principal classes of Whereas Preventive strategies make the victim ableDoS attack. ([1], [2], [3], [4]). to tolerate the attack without the legitimate user’s request getting denied. Preventive mechanism 751 | P a g e
  2. 2. Vancha Maheshwar Reddy, B Sandhya Rani, J Vedika, Ch. Veera Reddy / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 3, Issue 1, January -February 2013, pp.751-757enforces restrictive policies such as use of client information security the original idea ofpuzzles that limits the resource consumption. cryptographic puzzles is due to Merkle [13].Generally reactive mechanisms have some However, Merkle used puzzles for key agreement,drawbacks. It suffers from scalability and attack rather than access control. Client puzzles have beentraffic identification problems [4]. applied to TCP SYN flooding by Juels and BrainardDos can be effectively beaten by utilizing Client [14]. Aura, Nikander, and Leiwo [15] apply clientPuzzles. In client puzzle approach, the client needs puzzles to authentication protocols in general [16].to solve the puzzle produced by the defender Dwork and Naor presented client puzzles as a(server) for getting services. The server produces general solution to controlling resource usage, andcomputational puzzles to client before committing specifically for regulating junk email. Their schemesthe resources. Once the sender solves the puzzle he develop along a different axis, primarily motivatedis allocated the requested resources. The attacker by the desire for the puzzles to have shortcuts if awho intends to use up the defender’s resources by piece of secret information is known. Xu et al. [17]his repeated requests is deterred from perpetrating proposed a game-theoretic model to defend a webthe attack, as solving a puzzle is resource service under DoS attack. They used a singleconsuming. To preserve the effectiveness and bottleneck link to simulate the attacks. The metricsoptimality of this mechanism, the difficulty level of used for the performance of their system are totalpuzzles should be adjusted in timely manner. throughput of the attackers and their legitimateNetwork puzzles and puzzle auctions tried to adjust clients, legitimate client’s average amount of time todifficulty level of puzzles but they are not much download a web page, number of concurrentsuitable in incorporating this trade-off. In this paper, attackers and clients, and packet drop probability ofwe show that Puzzle-based mechanism can be the attackers and the clients.effectively studied using game theory. This paper Nonetheless, an attacker who knows the defender’sshows Puzzle-based defence mechanism modeled as possible actions and their corresponding costs maytwo player game, one player as attacker who rationally adopt his own actions to defeat a puzzle-perpetrates a flooding attack and other as defender based defence mechanism. For example, if thewho counters the attack using client puzzles. Then defender produces difficult puzzles, the attackerNash equilibrium is applied on game which leads to responds them at random and with incorrectdescription of player’s optimal strategy [4]. solutions. In this way, he may be able to exhaust the defender’s resources engaged in solution II. RELATED WORK: verification. If the defender produces simple Burszteinetal [11] presented a model for puzzles, the mechanism is not effective in the senseevaluating the plausibility of successful attacks on a that the attacker solves the puzzles and performs angiven network with interdependent files and intense attack. Moreover, even if the defenderservices. This work provided a logic model that enjoys efficient low-cost techniques for producingaccounts for the time needed to attack, crash, or puzzles and verifying solutions, he should deploypatch network systems. Rather than providing a the effective puzzles of minimum difficulty levels,game theoretic model, the work used the given time i.e., the optimum puzzles, to provide the maximumand topology constraints to determine if an attack, or quality of service for the legitimate users. Hence,defence, would be successful. Sun et al [12] the difficulty level of puzzles should be accuratelyanalyzed information security problem in the mobile adjusted in a timely manner to preserve theelectronic commerce chain. They claimed that the effectiveness and optimality of the mechanism.application of game theory in information safety is Although some mechanisms such as [19] and [20]based on the hypothesis of players perfect have attempted to adjust the difficulty level ofrationality. Sun et al used game theory to make the puzzles according to the victim’s load, they are notanalysis and put forward strategy suggestions for based on a suitable formalism incorporating thedefender organization to invest in information above trade-offs and, therefore, the effectivenesssecurity. It is concerned about management and not and optimality of those mechanisms have remainedthe technology of the information security. They unresolved [4]formulated the problem of two organizationsinvesting in the security, with parameters such as for III. CLIENT PUZZLE APPROACHinvestment, security risk and disasters. They Currently intruders are beginning to morepresented a pay-off matrix. They did the Nash often use legitimate, or expected, protocols andEquilibrium analysis for both pure and mixed services as the vehicle for packet streams. Thestrategy and showed them to be consistent. To make resulting attacks are hard to defend against usingthe investing a rational option they introduced a standard techniques, as the malicious requests differpenalty parameter associated with not investing. from the legitimate ones in intent but not in content.They concluded by presenting an argument for Filtering or rate limiting based on anomalousencouraging organizations the investment in packets are not feasible at all. In fact, filtering or 752 | P a g e
  3. 3. Vancha Maheshwar Reddy, B Sandhya Rani, J Vedika, Ch. Veera Reddy / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 3, Issue 1, January -February 2013, pp.751-757rate limiting an attack that is using a legitimate and puzzle was introduced as early as 1978, and Merkleexpected type of traffic may in fact complete the was the first to incorporate the concept ofintruder’s task by causing legitimate services to be cryptographic puzzles into authentication protocols.denied. Currently, the most feasible way to handle Merkle introduced an idea that, in a giventhis kind of situation is using the Turing Test communication, one legitimate participant sendsmechanism as in Kill-bots. The graphical several cryptographic problems that would beCAPTCHAs are most widely used today. It consists broken by the other participant. The security againstof a picture with some degraded or distorted image, an eavesdropper is based on the fact that the attackerwhich will take up a lot of valuable bandwidth is forced to solve all the puzzles whereas theespecially in the case of the attack. Those graphical legitimate participant only needs to choose andCAPTCHA consists of a picture with some solve one puzzle. Current Client puzzle proposalsdegraded or distorted image. In the case of DDoS apply some of Merkle’s ideas [24]. Idealattack, sending those images from the server to the characteristics of a client puzzle protocol [37] First,client for authentication actually consumes quite a puzzle should be easy for the server to create andconsiderable bandwidth. T. Y. Chan has used the verify, and should be much more difficult for thetext-to-speech approach to generate the audio-based client to solve. The level of difficulty can beTuring test, yet it shows that the audio CAPTCHA parameterized, and can be changed if needed.largely ineffective. And actually audio-based Turing However, if the server is not under an attack, ittest will also consume remarkable bandwidth. Thus should be possible that a puzzle would not below bandwidth Turing test is very desirable for generated at all, allowing the client access withoutpreventing the DDoS attack. One possible low- solving a puzzle. Second, it should not be possiblebandwidth Turing test is using text-based question for an attacker to keep a table of known puzzles andanswering, since computational linguistics is one of solutions [25] [26]. Third, the client should knowthe most prominent research disciplines in artificial that it has the correct answer before submitting it tointelligence, and at the same time, Turing test in text the server. The puzzle solving process involves aformat normally consume much less bandwidth. repetitive brute-force task. The client should knowAlthough humans find it easy to understand the when to terminate this process when it has thenatural languages, computers do not [21]. The client correct solution. Fourth, the server should knowpuzzle approach means that before engaging in any what puzzles it has generated and which ones toresource consuming operations, the server first verify. There must be some type of mechanism ingenerates a puzzle and sends its description to the place that prevents an attacker from fabricating itsclient that is requesting service from the server. The own puzzle and sending its own solution to theclient has to solve the puzzle and send the result server. The server needs to store a small amount ofback to the server. The server continues with information so that it can determine which responsesprocessing the request of the client, only if the from the clients are solutions to valid puzzles Puzzleclient’s response to the puzzle is correct. This is Characteristics [22] The computational costssummarized in the following abstract protocol, employed by the server in generating and verifyingwhere C and S denote the client and the server, the puzzles must be significantly less expensive thatrespectively: [22] the computational costs employed the client inStep 1 C → S: sending service request solving the puzzles. The puzzle difficulty, whichStep 2 S: generation of a puzzle depends on the server’s resources availability,Step 3 S → C: sending description of the puzzle should be easily and dynamically adjusted duringStep 4 C: solving the puzzle attacks.Step 5 C → S: sending solution to the puzzle Clients have a limited amount of time to solveStep 6 S: verification of the solution puzzles.If the solution is correct: Pre-computing puzzle solutions should beStep 7 S: continue processing service request unfeasible. Having solved previous puzzles does not aid inOne can view the first six steps of the protocol as a solving new given puzzles.preamble preceding the provision of the service, Before a correct puzzle solution is submitted, thewhich is subsumed in a single step (step 7) in the server does not keep a record of the connection’sabove abstract description. The preamble provides a state.sort of algorithmic protection against DoS attacks. Initially In the Client Puzzle approach The TinyThe server can set the complexity level of the puzzle Encryption algorithm (TEA) which is a block-cipheraccording to the estimated strength (computational encryption algorithm was proposed in 1994 byresources) of the attacker. If the server manages to Wheeler and Needham [27][28]. Both theset an appropriate complexity level, then solving the encryption and decryption algorithms are Feistelpuzzle slows down the DoS attacker who will type routines that encrypt or decrypt data byeventually abandon his activity [23]. The idea of addition, subtraction, bit-shifting, and exclusive-OR 753 | P a g e
  4. 4. Vancha Maheshwar Reddy, B Sandhya Rani, J Vedika, Ch. Veera Reddy / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 3, Issue 1, January -February 2013, pp.751-757operations. The goal of the encryption algorithm is Action: An action constitutes a move in the givento create as much diffusion2 as possible by game.incorporating many rounds or iterations of these Payoff: The positive or negative reward to a playeroperations. After TEA was released, certain minor for a given action within the game.weaknesses were discovered in the encryption In this paper, we consider game as the interactionalgorithm [29]. In response, Wheeler and Needham between the attacker and defender as two playerdeveloped an extension to TEA, called XTEA [30] game where each player chooses actions whichLater Timothy, Jung-Min & Randolph [31] used results in the best possible rewards for self.variation of XTEA which uses 6 cycles and called it In this paper, we also study the existence ofXTEA6. equilibrium in these games and also show the benefit of using the game-theoretic defenceIV. GAME THEORY BASICS mechanism with puzzles. We use game theoretical In this section, we describe game theory concept with Nash Equilibrium which is used toconcepts used in defence models against Dos/DDoS describe puzzle usage. Game theory concepts areattacks. Game theory based architectures are now and can be used in most of the layers but here weused for network and computer security. In [32], a stress on using game theory in application theoretic method is presented which analysessecurity of computer networks. Game theory V. GAME THEORY AND CLIENT-describes a multi-player decision scenario. There are PUZZLESvarious games which are used to build-up the Game We have seen increasing activity in denialtheory inspired defence architecture. Some of them of service (DoS) attacks against online services andare given below: Perfect Information Game is a Web applications in order to extort, disable, orgame in which each player is aware of the moves of impair the competition. In order to extort, disableall other players that have already taken place. the competition in online services and webExamples are: chess, tic-tac-toe. Imperfect application there are instances of denial of servicesinformation game is a game where at least one (DoS) attack. An FBI affidavit [Poulsen 2004]player is not aware of the moves of at least other described a case where an e-Commerce Web site,player that have taken place. Complete Information, was subject to an organized DoSGame is a game in which every player knows both attack staged by one of its competitors. Thesethe structure of the game and the objective functions attacks were carried out using approximately 5,000of all players in the game, but not necessarily the to 10,000 zombie machines at the disposal of theactions. Incomplete information is game in which at attacker. These attacks began on 6th of Oct 2003,least one player is unaware of the structure of the with SYN floods slamming into forgame or the objective function for at least one of the 12 hours straight, crippling the site, which sellsother players. Bayesian Game is a game in which digital video recorders. In response, WeaKnees.cominformation about the strategies and payoff for other moved to more expensive hosting atplayers is incomplete and a player assigns a type to could counter theother players at the onset of the game. Such games SYN flooding attacks using SYN-cookies andare labeled Bayesian games due to the use of superior bandwidth capabilities. However, theBayesian analysis in predicting the outcome. attackers adapted their attack strategy and replacedStatic/Strategic Game is a one-shot game in which simple SYN flooding attacks with a HTTP flood,each player chooses his plan of action and all pulling large image files from Atplayers decisions are made simultaneously. its peak, it is believed that this onslaught kept theDynamic/Extensive Game is a game with more than company offline for a full two weeks, causing a lossone stage in each of which the players can consider of several million dollars in revenue. And sotheir action. The sequences of the game can be sophisticated DoS attacks are not only increasinglyeither finite, or infinite. Stochastic Game is a game focusing on low-level network flooding, but also onthat involves probabilistic transitions through application-level attacks that flood victims withseveral states of the system. The game progresses as requests. In this paper we are going to use clienta sequence of states. The game begins with a start puzzles which make use of game theory with Nashstate; the players choose actions and receives a equilibrium to counter DoS attacks also inpayoff that depend on the current state of the game, discussion we describe how the source of the attacksand then the game transitions into a new state with a can be traced and managed to provide more security.probability based upon players actions and the If security is provided on three major layers i.e.current state. The basic entities in the game are [33]: network layer, transport layer and application layerPlayer: A basic entity in a game that is tasked with then we can prevent DoS Attack at good multitude.making choices for actions. A player can represent a This we are countering by using client puzzles,person, machine, or group of persons within a game. before a client can establish a connection with a server, it must first solve a puzzle. In client-puzzle 754 | P a g e
  5. 5. Vancha Maheshwar Reddy, B Sandhya Rani, J Vedika, Ch. Veera Reddy / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 3, Issue 1, January -February 2013, pp.751-757approach, the defender treats incoming requests Mechanism) is derived from the open-loop solutionsimilarly and need not differentiate between the concept in which the defender chooses his actionsattack and legitimate requests. Upon receiving a regardless of what happened in the game history.request, the defender produces a puzzle and sends it The second is Closed-Loop Solutions: Closed loopto the requester. If it is answered by a correct is history dependent solution.PDM2 resolvessolution, the corresponding resources are then PDM1problems by using the closed-loop solutionallocated. By forcing the client to solve this puzzle, concepts, but it can only defeat a single-sourcewe can prevent frivolous and abusive connection attack. PDM3 extends PDM2 and deals withattempts by the client. distributed attacks. This defence is based on theThe common problem among most of the client assumption that the defender knows the size of thepuzzle schemes that have been proposed is the attack Coalition. PDM4, the ultimate defencepuzzle verification, which involves the execution of mechanism is proposed in which the size of thea hash function or an encryption function to verify attack coalition is assumed unknown [34].the client’s answer.This paper uses the concept of Game theory with VI. DISCUSSIONNash equilibrium. Nash equilibrium is a solution The defence mechanism proposed in thisconcept that describes a steady state condition of the paper largely depends on the quality of the puzzlesgame; no player would prefer to change his strategy i.e. how the PDM levels are used and differentiatedas that would lower his payoffs given that all other using puzzles at application layer. Moreover theplayers are adhering to the prescribed strategy. This security and maintenance of database consisting ofpaper uses the concept of Nash equilibrium in a puzzles at the defenders side is an important issueprescriptive way rather than only in descriptive way. which should be considered. In the game theoryUse of Nash equilibrium in prescriptive way does approach both the attacker and defender will try tonot lead to exhaustion of defenders resources as the increase their pay-off and at the same tries to gaindifficulty level of puzzles, random number more by reducing the counterpart’s pay-off. Thegenerators and other parameters are so adjusted to attempt of a defender will be considered optimum ifachieve the same. the pay-off of a defender; legitimate user isFig. 1 Client Puzzle Approach Here we calculate maximum and is minimum for the attacker. Someeach player’s payoff using game theory concepts. other important concepts have been discussedWe calculate defender’s payoff and attacker’s below: 6.1 Pushback Let us discuss some issues thatpayoff. The payoff is considered through actions may affect the way Pushback [35] could beQT, RA, and CA, which stand for quitting (no deployed. First off, it is fairly obvious that theanswer), random answer to puzzle, and correct pushback is most effective when an attack is non-answer to the puzzle. It is assumed that a legitimate isotropic; in other words, there will be routers fairlyuser always solves the puzzles and returns correct close to the target where most of the attack trafficanswers. Assume that the defender uses an easy will be arriving from a subset of the input links.puzzle P1 and a difficult puzzle P2 to defend him. That is a fairly safe assumption; even the biggest  αm -> time spend by defender in providing attacks do not involve more than a few thousand the service. compromised machines, and there are many millions  αpp -> time taken by defender to produce a of machine on the Internet. It would be particularly puzzle. hard for an attacker to ensure that the attack slaves  αVp ->time taken by defender to verify the are evenly distributed with respect to the target. solution. Another issue to examine is what fraction of the  αSP1-> expected time of attacker to spend attack traffic originates from hosts served by the to solve P1. same ISP as the target. The smaller the ISP, theDefender chooses the puzzles P1 and P2 such that smaller that fraction will be, and even the largest of  αSP1 < αm < αSP2 the top-tier ISPs will have a sizeable fraction ofOn receiving a puzzle, the attacker may choose from attacks originating from the outside. While an ISPone among the following actions: can unilaterally deploy Pushback in its routers,When attacker selects CA for puzzle Pi unless agreements with its peering ISPs are made onPi: CA = αm + αPP + αV P − αSPi how to honor pushback requests (an issue fraughtWhen attacker selects RA for puzzle Pi with security and policy issues), said ISP will havePi: RA = αm + αPP + αV P to take advantage of pushback as best as it can.Defender’s Time: Now, in general, an ISP’s network can be thought of Pi: X = -αPP - αV P - αm + αSPi as a cloud where clients attach (on edge routers) andWe are using four Puzzle-based Defence which connects to other ISPs at peering pointsMechanism based on Nash equilibrium. They are (private or public). An ISP’s network can thus beOpen-Loop Solutions: Open-loop is history viewed as a single virtual router, with multipleindependent solution.PDM1(Puzzle-based Defence inputs and multiple outputs. If, in addition to output 755 | P a g e
  6. 6. Vancha Maheshwar Reddy, B Sandhya Rani, J Vedika, Ch. Veera Reddy / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 3, Issue 1, January -February 2013, pp.751-757rate limiting, we were to implement input rate REFERENCESlimiting, then the following variation of pushback [1] D. Moore, C. Shannon, D.J. Brown, G.M.could be considered: when an edge router detects an Voelker, and S. Savage,“Inferring Internetattack toward one of its attached customers, it tries Denial-of-Service Activity,” ACMto pushback determine what fractions of the attack Trans.Computer Systems, vol. 24, no. 2, pp.traffic are coming through the border routers of the 115-139, May 2006.ISP. This could be done with some variation of [2] A. Hussain, J. Heidemann, and C.ITRACE or marking by the border routers that Papadopoulos, “A Frameworkfor Classifyingwould be caught and examined at the edge routers. Denial of Service Attacks,” Proc.Then, using (authenticated) tunnels to the border ACMSIGCOMM ’03, pp. 99-110, 2003.routers, the edge router would ask them to apply [3] A.R. Sharafat and M.S.Fallah, “A Frameworkinput rate limiting to the requested aggregate. If this for the Analysisof Denial of Serviceis deemed undoable, input rate limiting on the Attacks,” The Computer J., vol. 47, no. 2,pp.border routers would still be useful in that it would 179-192, Mar. 2004.effectively extend pushback by one more hop [4] Mehran S. Fallah, A Puzzle-Based Defencewithout the cooperation of the (upstream, belonging Strategy AgainstFlooding Attacks Usingto a different ISP) router. 6.2 Password Cracking In Game Theory, IEEE transactions ona Password Cracking [36] attack an attacker tries to dependable and secure computing, vol. 7, no.gain unauthorized access to some machine by 1, pg 5-19.making repeated guesses at possible usernames and [5] C.L. Schuba, I.V. Krsul, M.G. Kuhn, E.H.passwords. Password guessing can be done remotely Spafford, A. Sundaram,and D. Zamboni,with many services; telnet, ftp, pop, rlogin, and “Analysis of a Denial of Service Attack onimap are the most prominent services that support TCP,”Proc. 18th IEEE Symp. Security andauthentication using usernames and passwords. Privacy, pp. 208-223, 1997.Dictionary attack is one such type of attack. A [6] Smurf IP Denial-of-Service Attacks. CERTDictionary attack uses a targeted technique of Coordination Center,Carnegie Mellon Univ.,successively trying all the words in an exhaustive 1998.list called a dictionary which is a pre-arranged list of [7] Denial-of-Service Tools. CERT Coordinationvalues. In contrast with a brute force attack, where a Center, CarnegieMellon Univ., 1999.large proportion key space is searched [8] J. Ioannidis and S. Bellovin, “Implementingsystematically, a dictionary attack tries only those Pushback: Router- Bssed Defence againstpossibilities which are most likely to succeed DDoS Attacks,” Proc. Networktypically derived from a list of words for example a andDistributed System Security Symp.dictionary or a bible etc. Dictionary attacks succeed (NDSS ’02), pp. 6-8, 2002.because many people have a tendency to choose [9] D. Song and A. Perrig, “Advanced andpasswords which are short (7 characters or fewer), Authenticated MarkingSchemes for IPsingle words found in dictionaries or simple, easily- Traceback,” Proc. IEEE INFOCOM ’01, pp.predicted variations on words, such as appending a 878-886,2001.digit. [10] A. Yaar, D. Song, and A. Perrig, “SIFF: A Stateless Internet FlowFilter to MitigateVII. CONCLUSION DDoS Flooding Attacks,” Proc. IEEE Game theory has been used in this paper to Symp.Security and Privacy, pp. 130-146,provide defence mechanisms for flooding attacks 2004.using puzzles. The interaction between the defender [11] E. Bursztein and J. Goubalt-Larrecq. Aand attacker is considered as an infinitely repeated logical framework for evaluating networkgame of discounted payoffs. The mechanism has resilience againstfaults and attacks. Lecturebeen divided into different levels. This paper has Notes in Computer Science; Vol. 4846, 2007also described the architecture of a client puzzle [12] W. Sun, X. Kong, D. He, and X. You.protocol. The algorithm selected for the client Information security problem research basedpuzzle can be implemented on almost any platform. on game theory. International Symposium onFor the scenario in which an attacker carries out a Publication Electronic Commerce andDDoS attack, we modelled the actions of the Security, 2008.attacker as intensities or data rates employed in [13] R. C. Merkle. “Secure Communications Overcarrying out the attack. And to develop a trace back Insecure Channels,” In Communications ofsystem that can trace a single packet so that the data the ACM. April, 1978.of the whole message is saved and to reduced [14] A. Juels and J. Brainard. “Client Puzzles: Aeavesdropping risks. cryptographic defence against connection depletion attacks,” In Proceedings of NDSS 756 | P a g e
  7. 7. Vancha Maheshwar Reddy, B Sandhya Rani, J Vedika, Ch. Veera Reddy / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 3, Issue 1, January -February 2013, pp.751-757 ’99 (Networks and Distributed Systems at: Security), 1999, pages 151-165. -rmn/djw-rmn-tea.html. November, 1994.[15] T. Aura, P. Nikander, and J. Leiwo. “DoS- [28] A. J. Menezes, P. C. van Oorschot, and S. A. Resistant Authentication with Client Vanstone. “Handbook of Applied Puzzles,” Lecture Notes in Computer Cryptography.”CRC Press, 1996. Science, vol. 2133, 2001. [29] W. Sun, X. Kong, D. He, and X. You.[16] C. Dwork and M. Naor. “Pricing via Information security problem research based Processing or Combating Junk Mail,” In on game theory. International Symposium on Advances in Cryptology – Crypto ’92.Spring- Publication Electronic Commerce and Verlag, LNCS volume 740, pp. 129-147, Security, 2008. August 1992. [30] R. C. Merkle. “Secure Communications Over[17] J. Xu and W. Lee. Sustaining availability of Insecure Channels,” In Communications of web services under distributed denial of the ACM. April, 1978. service attacks. IEEE Transactions on [31] Timothy J. McNevin, Jung-Min Park, and Computers, pages 195–208, 2003. Randolph Marchany. “pTCP: A Client Puzzle[18] Q. Wu, S. Shiva, S. Roy, C. Ellis, V. Datla, Protocol For Defending Against Resource and D. Dasgupta. On Modeling and Exhaustion Denial of Service Attacks” Simulation of Game Theory-based Defense [32] K. Lye and J.M. Wing. Game strategies in Mechanisms against DoS and DDoS Attacks. network security.In Proceedings of the 15th 43rd Annual Simulation Symposium IEEE Computer Security Foundations (ANSS10), part of the 2010 Spring Workshop, 2002. Simulation MultiConference, April 11-15, [33] S. Roy, C. Ellis, S. Shiva, D. Dasgupta, V. 2010. Shandilya, and Q. Wu. A survey of game[19] W. Feng, E. Kaiser, W. Feng, and A. Luu, theory as applied to network security. The “The Design andImplementation of Network 43rd Hawaii International Conference on Puzzles,” Proc. 24th Ann. Joint Conf.IEEE System Sciences, 2010. Computer and Comm. Societies, pp. 2372- [34] Mehran S. Fallah, A Puzzle-Based Defense 2382, 2005. Strategy Against Flooding Attacks Using[20] X. Wang and M. Reiter, “Defending Against Game Theory, IEEE TRANSACTIONS ON Denial-of-ServiceAttacks with Puzzle DEPENDABLE AND SECURE Auctions,” Proc. IEEE Security and COMPUTING, VOL. 7, NO. 1, JANUARY- Privacy,pp. 78-92, 2003. MARCH 2010[21] ShibiaoLin ,Tzi-ckerChiueh A Survey on [35] John Ioannidis, Steven M. Bellovin, Solutions to Distributed Denial of Service Implementing Pushback: Router-Based Attacks Defense Against DDoS Attacks[22] Vicky Laurens, Abdulmotaleb El Saddik, and [36] Tanmay Sanjay Khirwadkar, Defense Against Amiya Nayak, Requirements for Client Network Attacks Using Game Theory, Puzzles to Defeat the Denial of Service and University Of Illinois At Urbana-Champaign, the Distributed Denial of Service Attacks 2011[23] B. Bencsath, I. Vajda, and L. Buttyan, “A [37] Timothy J. McNevin, Jung-Min Park, and Game Based Analysis of the Client Puzzle Randolph Marchany, pTCP: A Client Puzzle Approach to Defend Against DoS Attacks,” Protocol For Defending Against Resource Proc. 11th Int’l Conf. Software, Telecomm., Exhaustion Denial of Service Attacks and Computer Networks, pp. 763- 767, 2003.[24] Merkle R.C., “Secure Communications Over Insecure Channels,” Communications of ACM, vol. 21, no.4, pp.294-299, April 1978[25] A. Juels and J. Brainard. “Client Puzzles: A cryptographic defense against connection depletion attacks,” In Proceedings of NDSS ’99 (Networks and Distributed Systems Security), 1999, pages 151-165.[26] T. Aura, P. Nikander, and J. Leiwo. “DoS- Resistant Authentication with Client Puzzles,” Lecture Notes in Computer Science, vol. 2133, 2001.[27] D. Wheeler and R. Needham. “TEA, a Tiny Encryption Algorithm,” Unpublished Manuscript. Available 757 | P a g e