1. IEEE International Conference On Recent Trends In Electronics Information Communication Technology, May 18-19, 2018, India
Anomaly based Mitigation of Volumetric DDoS Attack Using Client Puzzle as Proof-of-Work
Prachi Gulihar, B.B. Gupta
National Institute of Technology,
Kurukshetra, India
Prachi Gulihar, B.B. Gupta 1/ 15 RTEICT-2018
2. Table of Contents
1 Introduction
2 Related Works
3 Proposed Model
4 Description of the Algorithm
5 Simulation Analysis
6 Advantages
7 Conclusion and Future Work
8 References
3. Introduction
Nowadays the Internet plays a vital role in the growth of the
economy of any nation.
DDoS attacks [1] are one of the major threats hurting this
growth, as they affect the systems and networks which use the
Internet for their business work.
In DDoS attacks, the victim's bandwidth is flooded with an
excessive amount of malicious or fake traffic, due to which the
victim is unable to serve the legitimate users.
1
J. Mirkovic and P. Reiher, "A taxonomy of DDoS attack and DDoS defense mechanisms," ACM SIGCOMM
Computer Communication Review, vol. 34, no. 2, pp. 39–53, 2004.
5. Related Works
Approach: Router based Pushback with Client Puzzles [8]
Advantages: Puzzle work load is transferred to the upstream path routers,
which decreases the processing work load on the path routers.
Limitations: It is not effective in performing rate-limiting defense on
the malicious traffic inside the aggregate. Fails to mitigate attack
traffic which is distributed uniformly across the inbound links.

Approach: Software Puzzle [6]
Advantages: Attackers cannot inflate their puzzle-solving capabilities
using GPUs. Can be easily integrated with the data puzzle schemes existing
on the server side because it is built upon a data puzzle. Easily deployed.
Limitations: Generation of the puzzle at the server side makes it a
time-consuming process, as the victim server alone has to put in time for
construction of the puzzle. No provision for construction of the software
puzzle at the client side.

Approach: Bitcoin Blockchain [4]
Advantages: Fair client puzzles are computed independent of the power of
the client machine's computing resources. A client cannot save puzzles to
respond at a later stage with an overwhelming count of correct puzzle
solutions at a single point in time.
Limitations: Blocks in the bitcoin blockchain are generated approximately
every ten minutes, which makes it impractical for client puzzle
applications.

Approach: Game Theory with Nash equilibrium [9]
Advantages: Applicable in defending against both distributed and
single-source attacks.
Limitations: Does not support larger payoffs being feasible in the game.

Approach: Outsourced puzzles [5]
Advantages: Robust puzzle distribution mechanism. Offline computation of
puzzles.
Limitations: One server is able to compute tokens associated with other
servers, resulting in diffusion of trust across other participants.

Approach: Standard Model Client Puzzles [7]
Advantages: Fewer modular multiplication operations for puzzle generation
by the defending server. Faster cumulative verification time.
Limitations: Slower puzzle generation time. Slower solution verification
time as compared to hash based puzzles.
6. Work Done
We propose a multi-level defense approach using congestion level
control and anomaly based techniques. It can be explained by the
following four steps, which are executed consecutively:
Detection of DDoS attack.
Challenging the attacking sources.
Suppression of malicious packets.
Diverting the traffic flood.
7. Proposed Model
Figure 2: Framework of Proposed Approach
8. Description of the Algorithm
Every incoming packet is placed into its respective module
according to the volume of the attack traffic: normal, caution,
or peak.
If this volume is below the normal level, the defense mechanism
is not activated and the traffic is sent to the destination
machine.
If the volume destined towards the victim rises above the
caution level, the puzzle generation module is activated. It
checks the packets for a PoW as authority to send requests to
the server; only the authorized client requests are forwarded.
If the volume of the incoming traffic rises above the peak level,
all of the traffic is diverted to the dynamic provisioning module.
9. Description of the Algorithm
Time range (tx, ty) is the transition period of the DDoS attack; V[tx] is
the caution-level volume and V[ty] the peak-level volume.
Input: Incoming traffic Xin
Start
  Vin = null;                        // set initial volume metric as null
  Fetch (Xin[t], Vin[t]);
  If (Vin[t] < V[tx])                // normal level: no defense
    { Forward_ISP (Xin[t]); }
  ElseIf (V[tx] < Vin[t] < V[ty])    // caution level: client puzzle P
    { S : Generate(P);
      S -> C : Send(P);
      C : Sol = Solve(P);            // client computes the solution Sol
      C -> S : Send(Sol);
      If (Sol == Solution[P])
        { Forward_ISP (Xin[t]); }
      Else
        { Forward_Garbage (Xin[t]); } }
  Else                               // peak level: dynamic provisioning
    { Forward_DPM (Xin[t]); }

  Forward_ISP (Xin[t])
    { Handle (Xin[t]); }
  Forward_DPM (Xin[t])               // diversion
    { Send (Xin[t]) -> PolicyHandler;
      Forward (Xin[t]) -> HelpingServers; }
  Forward_Garbage (Xin[t])           // blacklisting
    { Discard (Xin[t]);
      SourceIP (Xin[t]) -> logServer; }
End
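The three-level dispatch of slides 8 and 9, worked through as an added Python example; this is not code from the paper or its authors. The slide names the puzzle only as P and fixes neither its construction nor its difficulty, so the SHA-256 leading-zero-bit puzzle, the threshold values standing in for V[tx] and V[ty], the dictionary packet format and the in-memory lists standing in for Handle(), HelpingServers and logServer are all assumptions made here.

```python
import hashlib
import os
from dataclasses import dataclass, field

# Constructed thresholds standing in for the slide's V[tx] (caution) and
# V[ty] (peak) volume levels, in packets per second.
CAUTION_LEVEL = 1_000
PEAK_LEVEL = 5_000


def classify(volume, caution=CAUTION_LEVEL, peak=PEAK_LEVEL):
    """Map the measured inbound volume Vin[t] to normal / caution / peak.

    The pseudocode uses strict inequalities on both sides, so a volume exactly
    equal to a threshold is undefined there; this implementation treats it as
    the higher (more defensive) level.
    """
    if volume < caution:
        return "normal"
    if volume < peak:
        return "caution"
    return "peak"


@dataclass(frozen=True)
class Puzzle:
    nonce: bytes       # server-chosen per challenge, so answers cannot be precomputed
    difficulty: int    # required number of leading zero bits in the hash


def generate_puzzle(difficulty=12):
    """S : Generate(P). Hash-based puzzle (an assumption; the slide does not fix the type)."""
    return Puzzle(nonce=os.urandom(16), difficulty=difficulty)


def _leading_zero_bits(digest):
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()


def verify(puzzle, solution):
    """Server-side check of Sol == Solution[P]: one SHA-256, cheap for the defender."""
    digest = hashlib.sha256(puzzle.nonce + solution.to_bytes(8, "big")).digest()
    return _leading_zero_bits(digest) >= puzzle.difficulty


def solve(puzzle):
    """C : Sol = Solve(P). Brute force; about 2**difficulty hashes on average."""
    candidate = 0
    while not verify(puzzle, candidate):
        candidate += 1
    return candidate


@dataclass
class Gatekeeper:
    """Volume-driven dispatcher: Forward_ISP, client puzzle, or Forward_DPM."""
    caution: int = CAUTION_LEVEL
    peak: int = PEAK_LEVEL
    difficulty: int = 12
    served: list = field(default_factory=list)         # stands in for Handle()
    diverted: list = field(default_factory=list)       # stands in for HelpingServers
    blacklist_log: list = field(default_factory=list)  # stands in for logServer

    def admit(self, packet, volume, solver=None):
        """Process one packet at measured volume Vin[t] and return the action taken.

        `solver` models the client's reply to a puzzle: a callable mapping the
        Puzzle to an integer answer, or None for a client that never answers
        (the behaviour expected of a flood source).
        """
        level = classify(volume, self.caution, self.peak)
        if level == "normal":                      # no defense
            self.served.append(packet)
            return "forward_isp"
        if level == "peak":                        # dynamic provisioning / diversion
            self.diverted.append(packet)
            return "forward_dpm"
        puzzle = generate_puzzle(self.difficulty)  # caution: demand proof of work
        answer = solver(puzzle) if solver is not None else None
        if answer is not None and verify(puzzle, answer):
            self.served.append(packet)
            return "forward_isp"
        self.blacklist_log.append(packet["src"])   # Forward_Garbage: discard, log source
        return "forward_garbage"


if __name__ == "__main__":
    gk = Gatekeeper(difficulty=10)
    pkt = {"src": "198.51.100.7", "payload": b"GET / HTTP/1.1"}  # constructed sample packet
    print("normal volume  :", gk.admit(pkt, volume=200))
    print("caution, solves:", gk.admit(pkt, volume=2_000, solver=solve))
    print("caution, silent:", gk.admit(pkt, volume=2_000))
    print("peak volume    :", gk.admit(pkt, volume=9_000))
    print("logged sources :", gk.blacklist_log)
```

The asymmetry the scheme relies on is visible in the two functions: `verify` costs the defending server a single hash, while `solve` costs the client roughly 2**difficulty hashes, so a flood source that does not spend that work is discarded and its source address logged rather than served. The caution/peak thresholds and the difficulty are the tuning knobs an operator would set from the traffic baseline.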
10. Simulation Analysis
A basic network to test the flooding attack is set up with the help of
Network Simulator 2.
The mitigation rate of the proposed framework is estimated under two
conditions: firstly, with the defense mechanism in place, and
secondly, without it.
A heterogeneous network comprising different types of traffic is
taken, and the defense is evaluated under three attack load
conditions of the network traffic.
The model is simulated under two types of DDoS attack: TCP flood and
UDP flood.
In the Dynamic Provisioning Module simulation, a minimum charge
policy is kept in the policy handler.
11. Simulation Analysis
Figure 3: Packet distribution under Normal and DDoS attack
scenario: (a) Benign packets, (b) Malicious packets
12. Advantages
Lineal Deployment:
The PoW ensures easy deployment on the existing infrastructure without
any major modifications to the server machine.
On-Demand DDoS Mitigation:
The defense comes into action only while the attack is happening and
otherwise remains inactive, which lowers the maintenance costs.
Non-distinguishable DDoS Defense:
The Proof-of-Work (PoW) scheme prioritises the connection requests, reducing
the collateral damage done to the legitimate traffic due to non-filtration
of malicious traffic.
Risk Transfer:
The Risk Transfer mechanism is well suited to securing against network
layer attacks, as even if the internal devices are unsecured, dynamic
provisioning is enough to prevent DDoS attacks.
13. Conclusion and Future Work
This method authenticates and permits only the
authoritative clients to gain access to the services offered
by the server, using client puzzles as Proof-of-Work (PoW).
This volume based activation of the defense scheme ensures
the design goal of on-demand mitigation.
Our future work will focus on testing the proposed approach
in a real-time environment, as well as with more attack
scenarios.
The research problem of helping servers allowing others to
use their machines in DDoS defense for money is an
interesting part to investigate.
14. References
1. Britton, T., Liu-Johnston, I., Cugnière, I., Gupta, S., Rodriguez, D., Barbier, J., & Tricaud, S.
"Analysis of 24 Hours Internet Attacks."
2. Khor, S. H. "Deployable Mechanisms for Distributed Denial-of-Service (DDoS) Attack
Mitigation", 2010.
3. Kumarasamy, Saravanan, and R. Asokan. "Distributed Denial of Service (DDoS) Attacks
Detection Mechanism." arXiv preprint arXiv:1201.2007, 2012.
4. Wu, Yongdong, et al. "Software puzzle: A countermeasure to resource-inflated denial-
of-service attacks." IEEE Transactions on Information Forensics and Security 10.1, 2015:
168-177.
5. Boyd, Colin, and Christopher Carr. "Fair client puzzles from the bitcoin
blockchain." Australasian Conference on Information Security and Privacy. Springer,
Cham, 2016.
6. Fallah, Mehran. "A puzzle-based defense strategy against flooding attacks using game
theory." IEEE Transactions on Dependable and Secure Computing 7.1, 2010: 5-19.
7. Waters, Brent, et al. "New client puzzle outsourcing techniques for DoS
resistance." Proceedings of the 11th ACM Conference on Computer and
Communications Security. ACM, 2004.
8. Kuppusamy, Lakshmi, et al. "Practical client puzzles in the standard
model." Proceedings of the 7th ACM Symposium on Information, Computer and
Communications Security. ACM, 2012.