New Approach to Mitigating Distributed Service Flooding Attacks

Distributed denial of service (DDoS) attacks pose great threat to the Internet and its public services. Various computation-based cryptographic puzzle schemes have been proposed to mitigate DDoS attacks when detection is hard or has low accuracy. Yet, existing puzzle schemes have shortcomings that limit their effectiveness in practice. First, the effectiveness of computation-based puzzles decreases, as the variation in the computational power of clients increases. Second, while mitigating the damage caused by the malicious clients, the puzzle schemes also require the benign clients to perform the same expensive computation that doesn’t contribute to any useful work from the clients’ perspective. In this study, we introduce guided tour puzzles, a novel puzzle scheme that addresses these shortcomings. The guided tour puzzle scheme uses latency — as opposed to computational delay — as a way of forcing sustainable request arrival rate on clients. We evaluate the DoS mitigation effectiveness of the scheme in a realistic simulation environment, and show that guided tour puzzle scheme provides a strong mitigation of request flooding DDoS and puzzle solving DDoS attacks. Keywords-denial of service, availability, tour puzzles, proof of work, client puzzles, cryptography