Exploring DDoS Mitigation with Client Puzzles
Primary Investigator:
Research Independent
Andrew Walkowski, Theodore Yin, and Dr. Mohammad Noureddine noureddi@rose-hulman.edu
Abstract
In this paper, we propose a new defense strategy against volumetric distributed denial-of-service (DDoS) attacks that uses cryptographic capabilities. Volumetric DDoS attacks aim to overwhelm a target system with fake traffic, often disrupting services or causing downtime. They are becoming more common as the cost of running an attack falls year by year. Existing defenses such as absorption and traffic filtering have significant downsides, such as high costs or blocking normal traffic. Our proposed defense uses client-to-router crypto puzzles. The puzzles provide proof of work for the source of traffic, along with information about the source that can be used to better filter the traffic. In our evaluation, we will simulate our defense versus other strategies to present the benefits. We establish a baseline for normal traffic and the effects of a request flood attack. The simulation data will show the tradeoffs of each strategy in mitigating volumetric DDoS attacks. After analyzing the data collected, we concluded that client puzzles deserve to be reintroduced as a tool for network security.
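To make the client-to-router puzzle idea concrete, the following is an added example, not the authors' construction: a generic hash-based puzzle in which the router derives a stateless challenge from the source address and a time window, the client searches for a nonce, and the router verifies with one hash per window. The function names, the 30-second window, the 16-bit difficulty and the sample addresses are all assumptions.

```python
import hashlib
import hmac
import struct

WINDOW = 30  # seconds a challenge stays valid (assumed value)

def issue_challenge(key: bytes, src_ip: str, now: int, difficulty: int) -> bytes:
    """Router side: stateless challenge bound to source address and time window."""
    msg = src_ip.encode() + struct.pack(">QB", now // WINDOW, difficulty)
    return hmac.new(key, msg, hashlib.sha256).digest()

def zero_bits(challenge: bytes, nonce: int) -> int:
    """Leading zero bits of SHA-256(challenge || nonce)."""
    digest = hashlib.sha256(challenge + struct.pack(">Q", nonce)).digest()
    return 256 - int.from_bytes(digest, "big").bit_length()

def solve(challenge: bytes, difficulty: int) -> int:
    """Client side: brute-force a nonce; expected cost is 2**difficulty hashes."""
    nonce = 0
    while zero_bits(challenge, nonce) < difficulty:
        nonce += 1
    return nonce

def verify(key: bytes, src_ip: str, now: int, difficulty: int, nonce: int) -> bool:
    """Router side: recompute the challenge for the current and previous
    window and check the nonce; no per-client state is stored."""
    for t in (now, now - WINDOW):
        challenge = issue_challenge(key, src_ip, t, difficulty)
        if zero_bits(challenge, nonce) >= difficulty:
            return True
    return False

if __name__ == "__main__":
    key = b"\x01" * 32                # constructed router secret
    ip, now, bits = "198.51.100.7", 1_700_000_000, 16  # constructed sample values
    nonce = solve(issue_challenge(key, ip, now, bits), bits)
    print("same source accepted:", verify(key, ip, now, bits, nonce))
    print("other source accepted:", verify(key, "203.0.113.9", now, bits, nonce))
```

Because the challenge is keyed to the source address, a solution is only useful from the address that received the challenge, and the router pays a constant two hashes at most per verification while the client pays about 2^difficulty.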