![Related Works
Prachi Gulihar, B.B. Gupta RTEICT-2018 5/ 15
Approach Advantages Limitations
Router based Pushback with
Client Puzzles [8]
Puzzle work load is transferred to the
upstream path routers which decreases
work load of processing on the path
routers.
It is not effective in performing rate-limiting defense on
the malicious traffic inside the aggregate.
Fails to mitigate the attack traffic which is distributed
within the inbound links in a uniform manner.
Software Puzzle [6]
Attackers cannot inflate their puzzle-
solving capabilities using GPU.
Can be easily integrated with the data
puzzle schemes existing on the server side
because it is made upon a data puzzle.
Easily deployed.
Generation of puzzle at the server side makes it a time
consuming process as the victim server only has to put in
time for construction of the puzzle.
No provision for construction of the software puzzle at
the client-side.
Bitcoin Blockchain [4]
Fair client puzzles are computed
independent of power of client machine’s
computing resources.
Client cannot save the puzzles to respond
afterwards at a later stage with an
overwhelming count of correct puzzle
solutions at a single point of time.
Blocks in a bitcoin blockchain are generated
approximately every ten minutes which is makes it
impractical for client puzzle applications.
Game Theory with Nash
equilibrium [9]
Applicable in defending both distributed
and single-source attacks.
Does not support larger payoffs to be feasible in the
game.
Outsourced puzzles [5]
Robust puzzle distribution mechanism.
Offline computation of puzzles
One server is able to compute tokens associated with
other servers resulting in diffusion of trust across other
participants.
Standard Model Client Puzzles
[7]
Less number of modular multiplication
operations for puzzle generation by
defending server.
Faster cumulative verification time.
Slower puzzle generation time.
Slower solution verification time as compared to hash
based puzzles.](https://image.slidesharecdn.com/prachirteictppt-190819073744/85/Anomaly-based-PoW-Defense-5-320.jpg)
![Description Of Algorithm
Time range (tx, ty) is the transition period of ddos attack.
Input: Incoming traffic Xin
Start Vin = null;
//set initial volume metric as null
Fetch (Xin[t], Vin[t]);
If (Vin[t] < V[tx ]) //no defense
{Forward_ISP (Xin[t])}
//client puzzle P
ElseIf (V[tx] < Vin[t] < V[ty])
{S : Generate(P);
S -> C : Send(P);
C : S=Solve(P);
C->S : Send(S);
If (S==Solution[P])
{Forward_ISP (Xin[t]);}
Else
{Forward_Garbage(Xin[t]);}}
Prachi Gulihar, B.B. Gupta RTEICT-2018 9/ 15
//dynamic provisioning
Else
{Forward_DPM(Xin[t]);}
Forward_ISP (Xin[t])
{Handle (Xin[t]);}
//diversion
Forward_DPM(Xin[t])
{Send(Xin[t]) -> PolicyHandler;
Forward(Xin[t]) -> HelpingServers; }
//blacklisting
Forward_Garbage(Xin[t])
{Discard(Xin[t]);
SourceIP(Xin[t]) -> logServer; }
End](https://image.slidesharecdn.com/prachirteictppt-190819073744/85/Anomaly-based-PoW-Defense-9-320.jpg)
Anomaly based PoW Defense
- 1. IEEE International ConferenceOn RecentTrendsInElectronicsInformation CommunicationTechnology,May18-19,2018, India Anomaly based Mitigation of Volumetric DDoS Prachi Gulihar B.B. Gupta National Institute of Technology, Kurukshetra,India Prachi Gulihar, B.B. Gupta 1/ 15RTEICT-2018 Attack Using Client Puzzle as Proof-of-Work
- 2. Table of Contents 1 Introduction 2 Related Works 3 Proposed Model 4 Description of the Algorithm 5 Simulation Analysis 7 Conclusion and Future Work Prachi Gulihar, B.B. Gupta RTEICT-2018 2/ 15 6 Advantages References8
- 3. Introduction Nowadays the Internet plays a vital role in the growth of the economy for any nation. 1DDoS attacks are one of the major threat that hurting this growth as it affects the systems and network which uses the Internet for their business work. In DDoS attacks, victims bandwidth is flooded with the excessive amount of malicious or fake traffic due to which, the victim is unable to serve the legitimate users. 1 J. MirkovicandP. Reiher,“A taxonomyofddosattackandddosdefensemechanisms,”ACMSIGCOMM ComputerCommunication Review,vol.34,no.2, pp.39–53, 2004. Prachi Gulihar, B.B. Gupta RTEICT-2018 3/ 15
- 4. Figure 1: DDoS attack vector frequency Prachi Gulihar, B.B. Gupta RTEICT-2018 4/ 19 30 16 8 7 6 12 4 2 10 0 10 20 30 40
- 5. Related Works Prachi Gulihar, B.B. Gupta RTEICT-2018 5/ 15 Approach Advantages Limitations Router based Pushback with Client Puzzles [8] Puzzle work load is transferred to the upstream path routers which decreases work load of processing on the path routers. It is not effective in performing rate-limiting defense on the malicious traffic inside the aggregate. Fails to mitigate the attack traffic which is distributed within the inbound links in a uniform manner. Software Puzzle [6] Attackers cannot inflate their puzzle- solving capabilities using GPU. Can be easily integrated with the data puzzle schemes existing on the server side because it is made upon a data puzzle. Easily deployed. Generation of puzzle at the server side makes it a time consuming process as the victim server only has to put in time for construction of the puzzle. No provision for construction of the software puzzle at the client-side. Bitcoin Blockchain [4] Fair client puzzles are computed independent of power of client machine’s computing resources. Client cannot save the puzzles to respond afterwards at a later stage with an overwhelming count of correct puzzle solutions at a single point of time. Blocks in a bitcoin blockchain are generated approximately every ten minutes which is makes it impractical for client puzzle applications. Game Theory with Nash equilibrium [9] Applicable in defending both distributed and single-source attacks. Does not support larger payoffs to be feasible in the game. Outsourced puzzles [5] Robust puzzle distribution mechanism. Offline computation of puzzles One server is able to compute tokens associated with other servers resulting in diffusion of trust across other participants. Standard Model Client Puzzles [7] Less number of modular multiplication operations for puzzle generation by defending server. Faster cumulative verification time. Slower puzzle generation time. Slower solution verification time as compared to hash based puzzles.
- 6. Work Done Proposed a multi-level defense approach using congestion level control and anomaly based techniques can be explained by the following four steps which are executed in a consecutive manner of execution: Detection of DDOS attack. Challenging the attacking sources. Suppression of malicious packets. Diverting the traffic flood. Prachi Gulihar, B.B. Gupta RTEICT-2018 6/ 15
- 7. Proposed Model Figure 2: Framework of Proposed Approach Prachi Gulihar, B.B. Gupta RTEICT-2018 7/ 15
- 8. Description of the Algorithm In the incoming traffic, every incoming packet is placed into its respective module, according to the volume of the attack traffic – normal, caution, peak. If this volume is less than the normal level then the defense mechanism is not activated and the traffic is sent to the destination machine. If the volume destined towards the victim rises above the caution level, then the puzzle generation module is activated which checks the packets for PoW as authority to send requests to the server. Only the authorized client requests are forwarded. If the volume of the incoming traffic rises above the peak level, then all of the traffic is diverted to dynamic provisioning module. Prachi Gulihar, B.B. Gupta RTEICT-2018 8/ 15
- 9. Description Of Algorithm Time range (tx, ty) is the transition period of ddos attack. Input: Incoming traffic Xin Start Vin = null; //set initial volume metric as null Fetch (Xin[t], Vin[t]); If (Vin[t] < V[tx ]) //no defense {Forward_ISP (Xin[t])} //client puzzle P ElseIf (V[tx] < Vin[t] < V[ty]) {S : Generate(P); S -> C : Send(P); C : S=Solve(P); C->S : Send(S); If (S==Solution[P]) {Forward_ISP (Xin[t]);} Else {Forward_Garbage(Xin[t]);}} Prachi Gulihar, B.B. Gupta RTEICT-2018 9/ 15 //dynamic provisioning Else {Forward_DPM(Xin[t]);} Forward_ISP (Xin[t]) {Handle (Xin[t]);} //diversion Forward_DPM(Xin[t]) {Send(Xin[t]) -> PolicyHandler; Forward(Xin[t]) -> HelpingServers; } //blacklisting Forward_Garbage(Xin[t]) {Discard(Xin[t]); SourceIP(Xin[t]) -> logServer; } End
- 10. Simulation Analysis Basic network to test flooding attack is set up with the help of Network Simulator 2. Anticipation of mitigation rate of the proposed framework is done under two conditions. Firstly, when the defense mechanism is in place and secondly, without it. A heterogeneous network comprising of different types of traffic is taken, and defense is done under three attack load condition of the network traffic. Simulation of the model is tested under the two types of DDoS attack: TCP flood and UDP flood. In Dynamic Provisioning Module simulation, minimum charge policy in kept in policy handler. Prachi Gulihar, B.B. Gupta RTEICT-2018 1 0 / 15
- 11. Simulation Analysis Figure 3: Packet distribution Between under Normal and DDoS attack Scenario (a) Benign packets , (b) Malicious packets Prachi Gulihar, B.B. Gupta RTEICT-2018 11/ 15
- 12. Advantages Lineal Deployment: The PoW ensures easy deployment on the existing infrastructure without any major modifications on server machine. On-Demand DDoS Mitigation: Defense comes under action only when the attack is happening else remains inactive which lowers the maintenance costs. Non-distinguishable DDoS Defense: Proof-of-Work (PoW) scheme prioritises the connection requests reducing the collateral damage done to the legitimate traffic due to non-filteration of malicious traffic. Risk Transfer: The Risk Transfer mechanism is well suited for the securing network layer attacks as even if the internal devices are unsecure, dynamic provisioning is enough to prevent DDoS attacks. Prachi Gulihar, B.B. Gupta RTEICT-2018 12/ 15
- 13. Conclusion and Future Work This method authenticates and permits only the authoritative clients to gain access to the services offered by the server using client puzzles as Proof-of-Work (PoW). This volume based activation of defense scheme ensures the design goal of on-demand mitigation. . Our future work will be focus on testing the proposed approach in the real-time environment, as well with more attack scenarios. The research problem of helping servers allowing others to use their machine in DDoS defense for money is an interesting part to investigate. Prachi Gulihar, B.B. Gupta RTEICT-2018 1 3 / 15
- 14. References 1. Britton T., Liu-Johnston I., Cugnière I., Gupta S., Rodriguez D., Barbier J., & Tricaud, S. Analysis of 24 Hours Internet Attacks. 2. Khor, S. H.. “Deployable Mechanisms for Distributed Denial-of-Service (DDoS) Attack Mitigation” , 2010. 3. Kumarasamy, Saravanan, and R. Asokan. "Distributed Denial of Service (DDoS) Attacks Detection Mechanism." arXiv preprint arXiv:1201.2007 , 2012. 4. Wu, Yongdong, et al. "Software puzzle: A countermeasure to resource-inflated denial- of-service attacks." IEEE Transactions on Information forensics and security 10.1, 2015: 168-177. 5. Boyd, Colin, and Christopher Carr. "Fair client puzzles from the bitcoin blockchain." Australasian Conference on Information Security and Privacy. Springer, Cham, 2016. 6. Fallah, Mehran. "A puzzle-based defense strategy against flooding attacks using game theory." IEEE transactions on dependable and secure computing 7.1 , 2010: 5-19. 7. Waters, Brent, et al. "New client puzzle outsourcing techniques for DoS resistance." Proceedings of the 11th ACM conference on Computer and communications security. ACM, 2004. 8. Kuppusamy, Lakshmi, et al. "Practical client puzzles in the standard model." Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security. ACM, 2012. Prachi Gulihar, B.B. Gupta RTEICT-2018 14/ 15
- 15. Thank You!! Prachi Gulihar, B.B. Gupta RTEICT-2018 15/ 15