THROTTLING DDoS ATTACKS

Saraiah Gujjunoori, Taqi Ali Syed, Madhu Babu J., Avinash D., Radhesh Mohandas, Alwyn R. Pais

2009

Abstract

Distributed Denial of Service poses a significant threat to the Internet today. In these attacks, an attacker runs a malicious process on compromised systems under his control and generates an enormous number of requests, which in turn can easily exhaust the computing resources of a victim web server within a short period of time. Many mechanisms have been proposed to date to combat this attack. In this paper, we propose a new solution that reduces the impact of a distributed denial of service attack on a web server by throttling the client's CPU. The concept of source throttling is used to make the client pay a resource stamp fee, which is negligible when the client is making a limited number of requests but becomes a limiting restriction when he is making a large number of requests. The proposed solution makes use of the integer factorization problem to generate the CPU stamps. We have packaged our solution as an API so that existing web applications can easily deploy it in a layer that is transparent to the underlying application.
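The stamp idea in the abstract can be sketched as follows; this is an added example, not the paper's API or the authors' code. The function names, the HMAC binding of the challenge to client and timestamp, the trial-division solver and the replay set are all assumptions made for illustration.

```python
import hashlib, hmac, math, secrets, time

SERVER_KEY = secrets.token_bytes(32)   # assumption: per-server secret key
_spent = set()                         # tags already redeemed (replay guard)

def _is_prime(n):
    if n < 2:
        return False
    return all(n % d for d in range(2, math.isqrt(n) + 1))

def _random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, top bit set
        if _is_prime(c):
            return c

def _tag(client_id, n, ts):
    msg = f"{client_id}|{n}|{ts}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_stamp(client_id, bits=20, now=None):
    """Server: hand out a semiprime n = p*q; the factors are discarded."""
    ts = int(time.time() if now is None else now)
    n = _random_prime(bits) * _random_prime(bits)
    return {"n": n, "ts": ts, "tag": _tag(client_id, n, ts)}

def solve_stamp(n):
    """Client: pay the CPU fee by trial division (cost grows with bits)."""
    for d in range(3, math.isqrt(n) + 1, 2):
        if n % d == 0:
            return d, n // d
    raise ValueError("not an odd semiprime")

def verify_stamp(client_id, ch, p, q, max_age=60, now=None):
    """Server: one HMAC and one multiplication; nothing stored until redeemed."""
    now = time.time() if now is None else now
    ok = (hmac.compare_digest(ch["tag"], _tag(client_id, ch["n"], ch["ts"]))
          and 0 <= now - ch["ts"] <= max_age      # stamp is still fresh
          and p > 1 and q > 1 and p * q == ch["n"]  # non-trivial factorization
          and ch["tag"] not in _spent)            # not redeemed before
    if ok:
        _spent.add(ch["tag"])
    return ok
```

Raising `bits` for a client that sends many requests is one way to make the fee grow with request volume; the sizes here are kept small so the sketch runs quickly.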



Paper Citation


in Harvard Style

Gujjunoori S., Ali Syed T., Babu J. M., D. A., Mohandas R. and R. Pais A. (2009). THROTTLING DDoS ATTACKS. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009) ISBN 978-989-674-005-4, pages 121-126. DOI: 10.5220/0002229001210126


in Bibtex Style

@conference{secrypt09,
author={Saraiah Gujjunoori and Taqi Ali Syed and Madhu Babu J. and Avinash D. and Radhesh Mohandas and Alwyn R. Pais},
title={THROTTLING DDoS ATTACKS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)},
year={2009},
pages={121-126},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002229001210126},
isbn={978-989-674-005-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)
TI - THROTTLING DDoS ATTACKS
SN - 978-989-674-005-4
AU - Gujjunoori S.
AU - Ali Syed T.
AU - Babu J. M.
AU - D. A.
AU - Mohandas R.
AU - R. Pais A.
PY - 2009
SP - 121
EP - 126
DO - 10.5220/0002229001210126