Anomaly based Mitigation of Volumetric DDoS Attack Using Client Puzzle as Proof-of-Work

摘要

Increasing use of Internet has made its users vulnerable to various types of attacks like Distributed Denial of Service (DDoS) attack which makes the resources unavailable to the benign user. Many mechanisms exist against DDoS attack for its detection, prevention, response and mitigation. One such technique is use of client puzzle which has main motive to prevent the attackers from flooding the Internet Service Provider (ISP) network by checking the incoming packets for the sending rights in the form of client puzzle solution. In this paper, we present a combination of anomaly and volume based approaches to safeguard the victim network from DDoS attack by checking the sender for having sending rights which are granted against a challenge puzzle generated by client puzzle module and diverting the attack traffic to dynamic provisioning module when the flooding traffic is becoming cumbersome to be handled by the victim. This technique is dynamic in nature which is activated on the basis of volume of traffic being flooded towards the victim. NS2 network simulator is used to simulate the proposed approach. The proposed approach limits various limitations of existing approaches, i.e. it reduces the collateral damage by distinguishing packets having Proof of Work (PoW). The simulation results depict high malicious packet drop rate and less benign packet drop rate.