Abstract
Ease of data availability in the client server model of the Internet comes with issues like Denial of Service which is an attack devised by the malicious clients to restrict the legitimate clients from using services offered by the server. In DDoS, the attacker asks the server for its resources and keeps the resources engaged. Distributed denial of service attack is performed on a large scale by using many malicious clients to flood the server with requests. In this paper, we address the problem of mitigating the effects of distributed denial of service attacks. We use a ringer-based approach in which a polynomial is sent as challenge to each requesting party. If the service is to be availed, the requesting client must send the correct value of the polynomial at a point fixed by the server and unknown to the client. Unlike previous approaches, the proposed approach to throttle the attacking clients does not rely on operations over large numbers thereby leading to far less computation overhead on the server for validating the clients and forcing the client to devote considerable computation efforts to gain access to a service. This makes the proposed solution more scalable with guaranteed security even if the system is exposed to a very large number of potential attackers. The proposed solution also defends against an intelligent client who tries to solve the polynomial using a random guess or by doing constant number of computations.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Abadi, M., Burrows, M., Manasse, M., Wobber, T.: Moderately hard, memory-bound functions. ACM Trans. Internet Technol. (TOIT) 5(2), 299–327 (2005)
Ali, S.T., Sultana, A., Jangra, A.: Mitigating DDoS attack using random integer factorization. In: 2016 Fourth International Conference on Parallel, Distributed and Grid Computing (PDGC), pp. 699–702, December 2016
Aura, T., Nikander, P., Leiwo, J.: DOS-resistant authentication with client puzzles. In: Christianson, B., Malcolm, J.A., Crispo, B., Roe, M. (eds.) Security Protocols 2000. LNCS, vol. 2133, pp. 170–177. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44810-1_22
Back, A., et al.: Hashcash-a denial of service counter-measure. Technical report (2002)
Crosby, S.A., Wallach, D.S.: Denial of service via algorithmic complexity attacks. In: USENIX Security, vol. 2 (2003)
Darapureddi, A., Mohandas, R., Pais, A.R.: Throttling DDoS attacks using discrete logarithm problem. In: Proceedings of the 2010 International Conference on Security and Cryptography (SECRYPT), pp. 1–7. IEEE (2010)
Dean, D., Stubblefield, A.: Using client puzzles to protect TLS. In: USENIX Security Symposium, vol. 42 (2001)
Golle, P., Mironov, I.: Uncheatable distributed computations. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 425–440. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45353-9_31
Gu, Q., Liu, P.: Denial of service attacks. In: Bidgoli, H. (ed.) Handbook of Computer Networks: Distributed Networks, Network Planning, Control, Management, and New Trends and Applications, vol. 3, pp. 454–468. Wiley, Hoboken (2007)
Gujjunoori, S., Syed, T.A., Madhu Babu, J., Darapureddi, A., Mohandas, R., Pais, A.R.: Throttling DDoS attacks. In: Proceedings of the 2009 International Conference on Security and Cryptography (SECRYPT), pp. 121–126. INSTICC Press (2009)
Jin, C., Wang, H., Shin, K.G.: Hop-count filtering: an effective defense against spoofed DDoS traffic. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 30–41. ACM (2003)
Juels, A., Brainard, J.G.: Client puzzles: a cryptographic countermeasure against connection depletion attacks. In: NDSS 1999, pp. 151–165 (1999)
Li, X., Wang, Y., Zhang, Y.: Session initiation protocol denial of service attack throttling. uS Patent Ap. 13/944,156, 22 January 2015. https://www.google.com/patents/US20150026793
Malialis, K., Kudenko, D.: Multiagent router throttling: decentralized coordinated response against DDoS attacks. In: IAAI (2013)
Mirkovic, J., Prier, G., Reiher, P.: Attacking DDoS at the source. In: Proceedings of the 10th IEEE International Conference on Network Protocols, pp. 312–321. IEEE (2002)
Sion, R.: Query execution assurance for outsourced databases. In: Proceedings of the 31st International Conference on Very Large Data Bases, VLDB 2005, pp. 601–612. VLDB Endowment (2005)
Wang, X., Reiter, M.K.: Defending against denial-of-service attacks with puzzle auctions. In: Proceedings of Symposium on Security and Privacy, pp. 78–92. IEEE (2003)
Wong, F., Tan, C.X.: A survey of trends in massive DDoS attacks and cloud-based mitigations. Int. J. Netw. Secur. Appl. 6(3), 57 (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Sawant, S.V., Pareek, G., Purushothama, B.R. (2017). A Ringer-Based Throttling Approach to Mitigate DDoS Attacks. In: Thampi, S., MartÃnez Pérez, G., Westphall, C., Hu, J., Fan, C., Gómez Mármol, F. (eds) Security in Computing and Communications. SSCC 2017. Communications in Computer and Information Science, vol 746. Springer, Singapore. https://doi.org/10.1007/978-981-10-6898-0_8
Download citation
DOI: https://doi.org/10.1007/978-981-10-6898-0_8
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-6897-3
Online ISBN: 978-981-10-6898-0
eBook Packages: Computer ScienceComputer Science (R0)