1. Vancha Maheshwar Reddy, B Sandhya Rani, J Vedika, Ch. Veera Reddy / International
Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 1, January -February 2013, pp.751-757
Game Theory based Defense Strategy against Denial of Service
Attack using Puzzles
Vancha Maheshwar Reddy1, B Sandhya Rani2, J Vedika3, Ch. Veera
Reddy4
(1,2,3
Assistant Professor, ACE Engineering College, Hyderabad)
4
( Assistant Professor, SCIENT Institute of Technology, Hyderabad)
ABSTRACT
Security issues have become a major Flooding attacks examples are SYN flood, Smurf,
issue in recent years due to the advancement of TFN2K which sends a large number of requests to
technology in networking and its use in a service provided by victim system. SYN flood uses
destructive way. A number of defense strategies resource starvation to achieve DoS attack [5]
have been devised to overcome the flooding whereas Smurf attack uses bandwidth consumption
attack which is prominent in the networking to disable victim system’s network resources [6] and
industry due to which depletion of resources TFN2K attacks are launched using spoofed IP
takes place. But these mechanism are not addresses, making detecting the sources of the
designed in an optimally and effectively and some attacks more difficult[7]. These requests reduce or
of the issues have been unresolved. Hence in this use up some key resources of victim by large
paper we suggest a Game theory based strategy amount and so legitimate user’s requests for same
to create a series of defence mechanisms using resources are denied. Capacity of a buffer, CPU
puzzles. Here the concept of Nash equilibrium is time to process requests, available bandwidth of a
used to handle sophisticated flooding attack to communication channel are some of the resources of
defend distributed attacks from unknown a networked system[4]. The depleted resources
number of sources revive when the flooding attack stops. Examples of
Logical attack are Ping-of-Death, Teardrop .In
General Terms: Computer Networks and Security. logical attack, victim’s vulnerable software accepts
Keywords: Dos Attacks, Game Theory, Puzzles. and process a forged fatal message which leads to
resource exhaustion. Flooding attack and Logical
I. INTRODUCTION attack will act as memory eaters, bandwidth loggers,
The pace with which the technology is or system crashers. Appropriate remedial actions are
advancing is amazing. With the advancement in to be adopted against logical attacks since effects of
technology there has been a great advancement in attack remain even after attack, whereas it is not the
networking too. Networking today has become case in flooding attacks. The contents of attack
inevitable and is a part and parcel in various aspects message and legitimate message differ and by
of our life. If we consider the present business and making distinction among them, logical attack can
political scenario, there has been a rat-race going on be thwarted, which is not possible in flooding attack
which has made individuals not only upgrade their [4]. As such distinction is not possible in flooding
own resources but also degrade their competitor’s attack; the defence becomes an arduous task against
resources by some malicious activities. Hence in flooding attacks. Here in this paper have solely
recent years, security concerned issues has received focused on Flooding Attacks, There is no “magical
enormous attention in networked system because of panacea” for potential threats in computer security.
availability of services. Networked systems are To defend a system in network there is only one
vulnerable to DoS (Denial of Services) attack. A way that is to design and employ a number of
Denial-of-Service attack (Dos attack) is a type of protections or defence mechanisms that mitigates a
attack on a network that is designed to bring specific threat. Large number of defenses against
network to its knees by flooding it with useless flooding attack have been devised which may be
traffic. In this area, most researches are based on reactive or preventive. Mechanisms such as
designing and verifying various defense strategies pushback [8], traceback [9], or filtering [10] are
against denial-of-service (DoS) attacks. A DoS reactive mechanisms which alleviate the impact of
attack characterizes a malicious behavior preventing flooding attack by detecting the attack on the victim,
the legitimate users of a network from using the but they all have significant drawbacks that limit
services provided by that network. Flooding attacks their practical utility in the current scenario.
and Logic attacks are the two principal classes of Whereas Preventive strategies make the victim able
DoS attack. ([1], [2], [3], [4]). to tolerate the attack without the legitimate user’s
request getting denied. Preventive mechanism
751 | P a g e
2. Vancha Maheshwar Reddy, B Sandhya Rani, J Vedika, Ch. Veera Reddy / International
Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 1, January -February 2013, pp.751-757
enforces restrictive policies such as use of client information security the original idea of
puzzles that limits the resource consumption. cryptographic puzzles is due to Merkle [13].
Generally reactive mechanisms have some However, Merkle used puzzles for key agreement,
drawbacks. It suffers from scalability and attack rather than access control. Client puzzles have been
traffic identification problems [4]. applied to TCP SYN flooding by Juels and Brainard
Dos can be effectively beaten by utilizing Client [14]. Aura, Nikander, and Leiwo [15] apply client
Puzzles. In client puzzle approach, the client needs puzzles to authentication protocols in general [16].
to solve the puzzle produced by the defender Dwork and Naor presented client puzzles as a
(server) for getting services. The server produces general solution to controlling resource usage, and
computational puzzles to client before committing specifically for regulating junk email. Their schemes
the resources. Once the sender solves the puzzle he develop along a different axis, primarily motivated
is allocated the requested resources. The attacker by the desire for the puzzles to have shortcuts if a
who intends to use up the defender’s resources by piece of secret information is known. Xu et al. [17]
his repeated requests is deterred from perpetrating proposed a game-theoretic model to defend a web
the attack, as solving a puzzle is resource service under DoS attack. They used a single
consuming. To preserve the effectiveness and bottleneck link to simulate the attacks. The metrics
optimality of this mechanism, the difficulty level of used for the performance of their system are total
puzzles should be adjusted in timely manner. throughput of the attackers and their legitimate
Network puzzles and puzzle auctions tried to adjust clients, legitimate client’s average amount of time to
difficulty level of puzzles but they are not much download a web page, number of concurrent
suitable in incorporating this trade-off. In this paper, attackers and clients, and packet drop probability of
we show that Puzzle-based mechanism can be the attackers and the clients.
effectively studied using game theory. This paper Nonetheless, an attacker who knows the defender’s
shows Puzzle-based defence mechanism modeled as possible actions and their corresponding costs may
two player game, one player as attacker who rationally adopt his own actions to defeat a puzzle-
perpetrates a flooding attack and other as defender based defence mechanism. For example, if the
who counters the attack using client puzzles. Then defender produces difficult puzzles, the attacker
Nash equilibrium is applied on game which leads to responds them at random and with incorrect
description of player’s optimal strategy [4]. solutions. In this way, he may be able to exhaust the
defender’s resources engaged in solution
II. RELATED WORK: verification. If the defender produces simple
Burszteinetal [11] presented a model for puzzles, the mechanism is not effective in the sense
evaluating the plausibility of successful attacks on a that the attacker solves the puzzles and performs an
given network with interdependent files and intense attack. Moreover, even if the defender
services. This work provided a logic model that enjoys efficient low-cost techniques for producing
accounts for the time needed to attack, crash, or puzzles and verifying solutions, he should deploy
patch network systems. Rather than providing a the effective puzzles of minimum difficulty levels,
game theoretic model, the work used the given time i.e., the optimum puzzles, to provide the maximum
and topology constraints to determine if an attack, or quality of service for the legitimate users. Hence,
defence, would be successful. Sun et al [12] the difficulty level of puzzles should be accurately
analyzed information security problem in the mobile adjusted in a timely manner to preserve the
electronic commerce chain. They claimed that the effectiveness and optimality of the mechanism.
application of game theory in information safety is Although some mechanisms such as [19] and [20]
based on the hypothesis of player's perfect have attempted to adjust the difficulty level of
rationality. Sun et al used game theory to make the puzzles according to the victim’s load, they are not
analysis and put forward strategy suggestions for based on a suitable formalism incorporating the
defender organization to invest in information above trade-offs and, therefore, the effectiveness
security. It is concerned about management and not and optimality of those mechanisms have remained
the technology of the information security. They unresolved [4]
formulated the problem of two organizations
investing in the security, with parameters such as for III. CLIENT PUZZLE APPROACH
investment, security risk and disasters. They Currently intruders are beginning to more
presented a pay-off matrix. They did the Nash often use legitimate, or expected, protocols and
Equilibrium analysis for both pure and mixed services as the vehicle for packet streams. The
strategy and showed them to be consistent. To make resulting attacks are hard to defend against using
the investing a rational option they introduced a standard techniques, as the malicious requests differ
penalty parameter associated with not investing. from the legitimate ones in intent but not in content.
They concluded by presenting an argument for Filtering or rate limiting based on anomalous
encouraging organizations the investment in packets are not feasible at all. In fact, filtering or
752 | P a g e
3. Vancha Maheshwar Reddy, B Sandhya Rani, J Vedika, Ch. Veera Reddy / International
Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 1, January -February 2013, pp.751-757
rate limiting an attack that is using a legitimate and puzzle was introduced as early as 1978, and Merkle
expected type of traffic may in fact complete the was the first to incorporate the concept of
intruder’s task by causing legitimate services to be cryptographic puzzles into authentication protocols.
denied. Currently, the most feasible way to handle Merkle introduced an idea that, in a given
this kind of situation is using the Turing Test communication, one legitimate participant sends
mechanism as in Kill-bots. The graphical several cryptographic problems that would be
CAPTCHAs are most widely used today. It consists broken by the other participant. The security against
of a picture with some degraded or distorted image, an eavesdropper is based on the fact that the attacker
which will take up a lot of valuable bandwidth is forced to solve all the puzzles whereas the
especially in the case of the attack. Those graphical legitimate participant only needs to choose and
CAPTCHA consists of a picture with some solve one puzzle. Current Client puzzle proposals
degraded or distorted image. In the case of DDoS apply some of Merkle’s ideas [24]. Ideal
attack, sending those images from the server to the characteristics of a client puzzle protocol [37] First,
client for authentication actually consumes quite a puzzle should be easy for the server to create and
considerable bandwidth. T. Y. Chan has used the verify, and should be much more difficult for the
text-to-speech approach to generate the audio-based client to solve. The level of difficulty can be
Turing test, yet it shows that the audio CAPTCHA parameterized, and can be changed if needed.
largely ineffective. And actually audio-based Turing However, if the server is not under an attack, it
test will also consume remarkable bandwidth. Thus should be possible that a puzzle would not be
low bandwidth Turing test is very desirable for generated at all, allowing the client access without
preventing the DDoS attack. One possible low- solving a puzzle. Second, it should not be possible
bandwidth Turing test is using text-based question for an attacker to keep a table of known puzzles and
answering, since computational linguistics is one of solutions [25] [26]. Third, the client should know
the most prominent research disciplines in artificial that it has the correct answer before submitting it to
intelligence, and at the same time, Turing test in text the server. The puzzle solving process involves a
format normally consume much less bandwidth. repetitive brute-force task. The client should know
Although humans find it easy to understand the when to terminate this process when it has the
natural languages, computers do not [21]. The client correct solution. Fourth, the server should know
puzzle approach means that before engaging in any what puzzles it has generated and which ones to
resource consuming operations, the server first verify. There must be some type of mechanism in
generates a puzzle and sends its description to the place that prevents an attacker from fabricating its
client that is requesting service from the server. The own puzzle and sending its own solution to the
client has to solve the puzzle and send the result server. The server needs to store a small amount of
back to the server. The server continues with information so that it can determine which responses
processing the request of the client, only if the from the clients are solutions to valid puzzles Puzzle
client’s response to the puzzle is correct. This is Characteristics [22] The computational costs
summarized in the following abstract protocol, employed by the server in generating and verifying
where C and S denote the client and the server, the puzzles must be significantly less expensive that
respectively: [22] the computational costs employed the client in
Step 1 C → S: sending service request solving the puzzles. The puzzle difficulty, which
Step 2 S: generation of a puzzle depends on the server’s resources availability,
Step 3 S → C: sending description of the puzzle should be easily and dynamically adjusted during
Step 4 C: solving the puzzle attacks.
Step 5 C → S: sending solution to the puzzle Clients have a limited amount of time to solve
Step 6 S: verification of the solution puzzles.
If the solution is correct: Pre-computing puzzle solutions should be
Step 7 S: continue processing service request unfeasible.
Having solved previous puzzles does not aid in
One can view the first six steps of the protocol as a solving new given puzzles.
preamble preceding the provision of the service, Before a correct puzzle solution is submitted, the
which is subsumed in a single step (step 7) in the server does not keep a record of the connection’s
above abstract description. The preamble provides a state.
sort of algorithmic protection against DoS attacks. Initially In the Client Puzzle approach The Tiny
The server can set the complexity level of the puzzle Encryption algorithm (TEA) which is a block-cipher
according to the estimated strength (computational encryption algorithm was proposed in 1994 by
resources) of the attacker. If the server manages to Wheeler and Needham [27][28]. Both the
set an appropriate complexity level, then solving the encryption and decryption algorithms are Feistel
puzzle slows down the DoS attacker who will type routines that encrypt or decrypt data by
eventually abandon his activity [23]. The idea of addition, subtraction, bit-shifting, and exclusive-OR
753 | P a g e
4. Vancha Maheshwar Reddy, B Sandhya Rani, J Vedika, Ch. Veera Reddy / International
Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 1, January -February 2013, pp.751-757
operations. The goal of the encryption algorithm is Action: An action constitutes a move in the given
to create as much diffusion2 as possible by game.
incorporating many rounds or iterations of these Payoff: The positive or negative reward to a player
operations. After TEA was released, certain minor for a given action within the game.
weaknesses were discovered in the encryption In this paper, we consider game as the interaction
algorithm [29]. In response, Wheeler and Needham between the attacker and defender as two player
developed an extension to TEA, called XTEA [30] game where each player chooses actions which
Later Timothy, Jung-Min & Randolph [31] used results in the best possible rewards for self.
variation of XTEA which uses 6 cycles and called it In this paper, we also study the existence of
XTEA6. equilibrium in these games and also show the
benefit of using the game-theoretic defence
IV. GAME THEORY BASICS mechanism with puzzles. We use game theoretical
In this section, we describe game theory concept with Nash Equilibrium which is used to
concepts used in defence models against Dos/DDoS describe puzzle usage. Game theory concepts are
attacks. Game theory based architectures are now and can be used in most of the layers but here we
used for network and computer security. In [32], a stress on using game theory in application layer.
game theoretic method is presented which analyses
security of computer networks. Game theory V. GAME THEORY AND CLIENT-
describes a multi-player decision scenario. There are PUZZLES
various games which are used to build-up the Game We have seen increasing activity in denial
theory inspired defence architecture. Some of them of service (DoS) attacks against online services and
are given below: Perfect Information Game is a Web applications in order to extort, disable, or
game in which each player is aware of the moves of impair the competition. In order to extort, disable
all other players that have already taken place. the competition in online services and web
Examples are: chess, tic-tac-toe. Imperfect application there are instances of denial of services
information game is a game where at least one (DoS) attack. An FBI affidavit [Poulsen 2004]
player is not aware of the moves of at least other described a case where an e-Commerce Web site,
player that have taken place. Complete Information WeaKnees.com, was subject to an organized DoS
Game is a game in which every player knows both attack staged by one of its competitors. These
the structure of the game and the objective functions attacks were carried out using approximately 5,000
of all players in the game, but not necessarily the to 10,000 zombie machines at the disposal of the
actions. Incomplete information is game in which at attacker. These attacks began on 6th of Oct 2003,
least one player is unaware of the structure of the with SYN floods slamming into WeaKnees.com for
game or the objective function for at least one of the 12 hours straight, crippling the site, which sells
other players. Bayesian Game is a game in which digital video recorders. In response, WeaKnees.com
information about the strategies and payoff for other moved to more expensive hosting at
players is incomplete and a player assigns a 'type' to RackSpace.com. Rackspace.com could counter the
other players at the onset of the game. Such games SYN flooding attacks using SYN-cookies and
are labeled Bayesian games due to the use of superior bandwidth capabilities. However, the
Bayesian analysis in predicting the outcome. attackers adapted their attack strategy and replaced
Static/Strategic Game is a one-shot game in which simple SYN flooding attacks with a HTTP flood,
each player chooses his plan of action and all pulling large image files from WeaKnees.com. At
players' decisions are made simultaneously. its peak, it is believed that this onslaught kept the
Dynamic/Extensive Game is a game with more than company offline for a full two weeks, causing a loss
one stage in each of which the players can consider of several million dollars in revenue. And so
their action. The sequences of the game can be sophisticated DoS attacks are not only increasingly
either finite, or infinite. Stochastic Game is a game focusing on low-level network flooding, but also on
that involves probabilistic transitions through application-level attacks that flood victims with
several states of the system. The game progresses as requests. In this paper we are going to use client
a sequence of states. The game begins with a start puzzles which make use of game theory with Nash
state; the players choose actions and receives a equilibrium to counter DoS attacks also in
payoff that depend on the current state of the game, discussion we describe how the source of the attacks
and then the game transitions into a new state with a can be traced and managed to provide more security.
probability based upon players' actions and the If security is provided on three major layers i.e.
current state. The basic entities in the game are [33]: network layer, transport layer and application layer
Player: A basic entity in a game that is tasked with then we can prevent DoS Attack at good multitude.
making choices for actions. A player can represent a This we are countering by using client puzzles,
person, machine, or group of persons within a game. before a client can establish a connection with a
server, it must first solve a puzzle. In client-puzzle
754 | P a g e
5. Vancha Maheshwar Reddy, B Sandhya Rani, J Vedika, Ch. Veera Reddy / International
Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 1, January -February 2013, pp.751-757
approach, the defender treats incoming requests Mechanism) is derived from the open-loop solution
similarly and need not differentiate between the concept in which the defender chooses his actions
attack and legitimate requests. Upon receiving a regardless of what happened in the game history.
request, the defender produces a puzzle and sends it The second is Closed-Loop Solutions: Closed loop
to the requester. If it is answered by a correct is history dependent solution.PDM2 resolves
solution, the corresponding resources are then PDM1problems by using the closed-loop solution
allocated. By forcing the client to solve this puzzle, concepts, but it can only defeat a single-source
we can prevent frivolous and abusive connection attack. PDM3 extends PDM2 and deals with
attempts by the client. distributed attacks. This defence is based on the
The common problem among most of the client assumption that the defender knows the size of the
puzzle schemes that have been proposed is the attack Coalition. PDM4, the ultimate defence
puzzle verification, which involves the execution of mechanism is proposed in which the size of the
a hash function or an encryption function to verify attack coalition is assumed unknown [34].
the client’s answer.
This paper uses the concept of Game theory with VI. DISCUSSION
Nash equilibrium. Nash equilibrium is a solution The defence mechanism proposed in this
concept that describes a steady state condition of the paper largely depends on the quality of the puzzles
game; no player would prefer to change his strategy i.e. how the PDM levels are used and differentiated
as that would lower his payoffs given that all other using puzzles at application layer. Moreover the
players are adhering to the prescribed strategy. This security and maintenance of database consisting of
paper uses the concept of Nash equilibrium in a puzzles at the defenders side is an important issue
prescriptive way rather than only in descriptive way. which should be considered. In the game theory
Use of Nash equilibrium in prescriptive way does approach both the attacker and defender will try to
not lead to exhaustion of defenders resources as the increase their pay-off and at the same tries to gain
difficulty level of puzzles, random number more by reducing the counterpart’s pay-off. The
generators and other parameters are so adjusted to attempt of a defender will be considered optimum if
achieve the same. the pay-off of a defender; legitimate user is
Fig. 1 Client Puzzle Approach Here we calculate maximum and is minimum for the attacker. Some
each player’s payoff using game theory concepts. other important concepts have been discussed
We calculate defender’s payoff and attacker’s below: 6.1 Pushback Let us discuss some issues that
payoff. The payoff is considered through actions may affect the way Pushback [35] could be
QT, RA, and CA, which stand for quitting (no deployed. First off, it is fairly obvious that the
answer), random answer to puzzle, and correct pushback is most effective when an attack is non-
answer to the puzzle. It is assumed that a legitimate isotropic; in other words, there will be routers fairly
user always solves the puzzles and returns correct close to the target where most of the attack traffic
answers. Assume that the defender uses an easy will be arriving from a subset of the input links.
puzzle P1 and a difficult puzzle P2 to defend him. That is a fairly safe assumption; even the biggest
αm -> time spend by defender in providing attacks do not involve more than a few thousand
the service. compromised machines, and there are many millions
αpp -> time taken by defender to produce a of machine on the Internet. It would be particularly
puzzle. hard for an attacker to ensure that the attack slaves
αVp ->time taken by defender to verify the are evenly distributed with respect to the target.
solution. Another issue to examine is what fraction of the
αSP1-> expected time of attacker to spend attack traffic originates from hosts served by the
to solve P1. same ISP as the target. The smaller the ISP, the
Defender chooses the puzzles P1 and P2 such that smaller that fraction will be, and even the largest of
αSP1 < αm < αSP2 the top-tier ISPs will have a sizeable fraction of
On receiving a puzzle, the attacker may choose from attacks originating from the outside. While an ISP
one among the following actions: can unilaterally deploy Pushback in its routers,
When attacker selects CA for puzzle Pi unless agreements with its peering ISPs are made on
Pi: CA = αm + αPP + αV P − αSPi how to honor pushback requests (an issue fraught
When attacker selects RA for puzzle Pi with security and policy issues), said ISP will have
Pi: RA = αm + αPP + αV P to take advantage of pushback as best as it can.
Defender’s Time: Now, in general, an ISP’s network can be thought of
Pi: X = -αPP - αV P - αm + αSPi as a cloud where clients attach (on edge routers) and
We are using four Puzzle-based Defence which connects to other ISPs at peering points
Mechanism based on Nash equilibrium. They are (private or public). An ISP’s network can thus be
Open-Loop Solutions: Open-loop is history viewed as a single virtual router, with multiple
independent solution.PDM1(Puzzle-based Defence inputs and multiple outputs. If, in addition to output
755 | P a g e
6. Vancha Maheshwar Reddy, B Sandhya Rani, J Vedika, Ch. Veera Reddy / International
Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 1, January -February 2013, pp.751-757
rate limiting, we were to implement input rate REFERENCES
limiting, then the following variation of pushback [1] D. Moore, C. Shannon, D.J. Brown, G.M.
could be considered: when an edge router detects an Voelker, and S. Savage,“Inferring Internet
attack toward one of its attached customers, it tries Denial-of-Service Activity,” ACM
to pushback determine what fractions of the attack Trans.Computer Systems, vol. 24, no. 2, pp.
traffic are coming through the border routers of the 115-139, May 2006.
ISP. This could be done with some variation of [2] A. Hussain, J. Heidemann, and C.
ITRACE or marking by the border routers that Papadopoulos, “A Frameworkfor Classifying
would be caught and examined at the edge routers. Denial of Service Attacks,” Proc.
Then, using (authenticated) tunnels to the border ACMSIGCOMM ’03, pp. 99-110, 2003.
routers, the edge router would ask them to apply [3] A.R. Sharafat and M.S.Fallah, “A Framework
input rate limiting to the requested aggregate. If this for the Analysisof Denial of Service
is deemed undoable, input rate limiting on the Attacks,” The Computer J., vol. 47, no. 2,pp.
border routers would still be useful in that it would 179-192, Mar. 2004.
effectively extend pushback by one more hop [4] Mehran S. Fallah, A Puzzle-Based Defence
without the cooperation of the (upstream, belonging Strategy AgainstFlooding Attacks Using
to a different ISP) router. 6.2 Password Cracking In Game Theory, IEEE transactions on
a Password Cracking [36] attack an attacker tries to dependable and secure computing, vol. 7, no.
gain unauthorized access to some machine by 1, pg 5-19.
making repeated guesses at possible usernames and [5] C.L. Schuba, I.V. Krsul, M.G. Kuhn, E.H.
passwords. Password guessing can be done remotely Spafford, A. Sundaram,and D. Zamboni,
with many services; telnet, ftp, pop, rlogin, and “Analysis of a Denial of Service Attack on
imap are the most prominent services that support TCP,”Proc. 18th IEEE Symp. Security and
authentication using usernames and passwords. Privacy, pp. 208-223, 1997.
Dictionary attack is one such type of attack. A [6] Smurf IP Denial-of-Service Attacks. CERT
Dictionary attack uses a targeted technique of Coordination Center,Carnegie Mellon Univ.,
successively trying all the words in an exhaustive 1998.
list called a dictionary which is a pre-arranged list of [7] Denial-of-Service Tools. CERT Coordination
values. In contrast with a brute force attack, where a Center, CarnegieMellon Univ., 1999.
large proportion key space is searched [8] J. Ioannidis and S. Bellovin, “Implementing
systematically, a dictionary attack tries only those Pushback: Router- Bssed Defence against
possibilities which are most likely to succeed DDoS Attacks,” Proc. Network
typically derived from a list of words for example a andDistributed System Security Symp.
dictionary or a bible etc. Dictionary attacks succeed (NDSS ’02), pp. 6-8, 2002.
because many people have a tendency to choose [9] D. Song and A. Perrig, “Advanced and
passwords which are short (7 characters or fewer), Authenticated MarkingSchemes for IP
single words found in dictionaries or simple, easily- Traceback,” Proc. IEEE INFOCOM ’01, pp.
predicted variations on words, such as appending a 878-886,2001.
digit. [10] A. Yaar, D. Song, and A. Perrig, “SIFF: A
Stateless Internet FlowFilter to Mitigate
VII. CONCLUSION DDoS Flooding Attacks,” Proc. IEEE
Game theory has been used in this paper to Symp.Security and Privacy, pp. 130-146,
provide defence mechanisms for flooding attacks 2004.
using puzzles. The interaction between the defender [11] E. Bursztein and J. Goubalt-Larrecq. A
and attacker is considered as an infinitely repeated logical framework for evaluating network
game of discounted payoffs. The mechanism has resilience againstfaults and attacks. Lecture
been divided into different levels. This paper has Notes in Computer Science; Vol. 4846, 2007
also described the architecture of a client puzzle [12] W. Sun, X. Kong, D. He, and X. You.
protocol. The algorithm selected for the client Information security problem research based
puzzle can be implemented on almost any platform. on game theory. International Symposium on
For the scenario in which an attacker carries out a Publication Electronic Commerce and
DDoS attack, we modelled the actions of the Security, 2008.
attacker as intensities or data rates employed in [13] R. C. Merkle. “Secure Communications Over
carrying out the attack. And to develop a trace back Insecure Channels,” In Communications of
system that can trace a single packet so that the data the ACM. April, 1978.
of the whole message is saved and to reduced [14] A. Juels and J. Brainard. “Client Puzzles: A
eavesdropping risks. cryptographic defence against connection
depletion attacks,” In Proceedings of NDSS
756 | P a g e
7. Vancha Maheshwar Reddy, B Sandhya Rani, J Vedika, Ch. Veera Reddy / International
Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 1, January -February 2013, pp.751-757
’99 (Networks and Distributed Systems at:http://www.ftp.cl.cam.ac.uk/ftp/papers/djw
Security), 1999, pages 151-165. -rmn/djw-rmn-tea.html. November, 1994.
[15] T. Aura, P. Nikander, and J. Leiwo. “DoS- [28] A. J. Menezes, P. C. van Oorschot, and S. A.
Resistant Authentication with Client Vanstone. “Handbook of Applied
Puzzles,” Lecture Notes in Computer Cryptography.”CRC Press, 1996.
Science, vol. 2133, 2001. [29] W. Sun, X. Kong, D. He, and X. You.
[16] C. Dwork and M. Naor. “Pricing via Information security problem research based
Processing or Combating Junk Mail,” In on game theory. International Symposium on
Advances in Cryptology – Crypto ’92.Spring- Publication Electronic Commerce and
Verlag, LNCS volume 740, pp. 129-147, Security, 2008.
August 1992. [30] R. C. Merkle. “Secure Communications Over
[17] J. Xu and W. Lee. Sustaining availability of Insecure Channels,” In Communications of
web services under distributed denial of the ACM. April, 1978.
service attacks. IEEE Transactions on [31] Timothy J. McNevin, Jung-Min Park, and
Computers, pages 195–208, 2003. Randolph Marchany. “pTCP: A Client Puzzle
[18] Q. Wu, S. Shiva, S. Roy, C. Ellis, V. Datla, Protocol For Defending Against Resource
and D. Dasgupta. On Modeling and Exhaustion Denial of Service Attacks”
Simulation of Game Theory-based Defense [32] K. Lye and J.M. Wing. Game strategies in
Mechanisms against DoS and DDoS Attacks. network security.In Proceedings of the 15th
43rd Annual Simulation Symposium IEEE Computer Security Foundations
(ANSS10), part of the 2010 Spring Workshop, 2002.
Simulation MultiConference, April 11-15, [33] S. Roy, C. Ellis, S. Shiva, D. Dasgupta, V.
2010. Shandilya, and Q. Wu. A survey of game
[19] W. Feng, E. Kaiser, W. Feng, and A. Luu, theory as applied to network security. The
“The Design andImplementation of Network 43rd Hawaii International Conference on
Puzzles,” Proc. 24th Ann. Joint Conf.IEEE System Sciences, 2010.
Computer and Comm. Societies, pp. 2372- [34] Mehran S. Fallah, A Puzzle-Based Defense
2382, 2005. Strategy Against Flooding Attacks Using
[20] X. Wang and M. Reiter, “Defending Against Game Theory, IEEE TRANSACTIONS ON
Denial-of-ServiceAttacks with Puzzle DEPENDABLE AND SECURE
Auctions,” Proc. IEEE Security and COMPUTING, VOL. 7, NO. 1, JANUARY-
Privacy,pp. 78-92, 2003. MARCH 2010
[21] ShibiaoLin ,Tzi-ckerChiueh A Survey on [35] John Ioannidis, Steven M. Bellovin,
Solutions to Distributed Denial of Service Implementing Pushback: Router-Based
Attacks Defense Against DDoS Attacks
[22] Vicky Laurens, Abdulmotaleb El Saddik, and [36] Tanmay Sanjay Khirwadkar, Defense Against
Amiya Nayak, Requirements for Client Network Attacks Using Game Theory,
Puzzles to Defeat the Denial of Service and University Of Illinois At Urbana-Champaign,
the Distributed Denial of Service Attacks 2011
[23] B. Bencsath, I. Vajda, and L. Buttyan, “A [37] Timothy J. McNevin, Jung-Min Park, and
Game Based Analysis of the Client Puzzle Randolph Marchany, pTCP: A Client Puzzle
Approach to Defend Against DoS Attacks,” Protocol For Defending Against Resource
Proc. 11th Int’l Conf. Software, Telecomm., Exhaustion Denial of Service Attacks
and Computer Networks, pp. 763- 767, 2003.
[24] Merkle R.C., “Secure Communications Over
Insecure Channels,” Communications of
ACM, vol. 21, no.4, pp.294-299, April 1978
[25] A. Juels and J. Brainard. “Client Puzzles: A
cryptographic defense against connection
depletion attacks,” In Proceedings of NDSS
’99 (Networks and Distributed Systems
Security), 1999, pages 151-165.
[26] T. Aura, P. Nikander, and J. Leiwo. “DoS-
Resistant Authentication with Client
Puzzles,” Lecture Notes in Computer
Science, vol. 2133, 2001.
[27] D. Wheeler and R. Needham. “TEA, a Tiny
Encryption Algorithm,” Unpublished
Manuscript. Available
757 | P a g e