
A Puzzle-Based Defense Strategy Against Flooding Attacks Using Game Theory

INTRODUCTION:
Availability of services in a networked system is a security concern that has received enormous attention in recent years. Most research in this area is on designing and verifying defense mechanisms against denial-of-service (DoS) attacks. A DoS attack is characterized by malicious behavior that prevents the legitimate users of a network service from using that service. There are two principal classes of these attacks: flooding attacks and logic attacks. A flooding attack, such as a SYN flood, a Smurf attack, or an attack launched with the TFN2K tool, sends an overwhelming number of requests for a service offered by the victim. These requests deplete some key resource at the victim, so that legitimate users' requests for the same service are denied. A resource may be the capacity of a buffer, CPU time to process requests, the available bandwidth of a communication channel, etc. This paper uses the concept of Nash equilibrium not only in a descriptive way but also in a prescriptive one. In doing so, the difficulty level of the puzzles, the random number generators, and the other parameters of a puzzle-based defense are adjusted so that the attacker's optimum strategy, prescribed by the Nash equilibrium, does not lead to the exhaustion of the defender's resources. If the defender plays his part of the Nash equilibrium prescription as his defense against flooding attacks, the best thing the attacker can do is to conform to the prescription as well.

SCOPE OF THE PROJECT:

The paper first introduces the games that are well suited to modeling the possible interactions between a defender and an attacker in a flooding attack-defense scenario. It then describes the game of the client-puzzle approach in detail and explains the technique of designing puzzle-based defense mechanisms using game-theoretic solution concepts. Section 6 discusses the defense mechanisms proposed in the paper, compares them with earlier puzzle-based defenses, and outlines future research in the game-theoretic study of the client-puzzle approach.

LITERATURE SURVEY:

Client-puzzle approach: Denial-of-service (DoS) attacks, launched from the Internet and from mobile users alike, aim to frustrate a legitimate user's access to services or to bring down servers by depleting system resources. Many approaches have been proposed to thwart these attacks. One of them is the client puzzle: the server sends the client a puzzle that the client must solve before communication proceeds. The server can adjust the difficulty level of the puzzle, for access control and against DoS attacks, according to its current resource consumption and the communication scenario. Currently, many types of client puzzles offer no fine-grained control over difficulty: the next higher difficulty level is often twice as hard as the current one. One of the surveyed papers proposes a method based on partial collisions in hash functions that provides fine-grained control over difficulty by introducing a quasi-partial-collision concept; the results reported there confirm the fine granularity and efficiency of the approach.

A second surveyed paper explores new techniques for the use of cryptographic puzzles as a countermeasure to DoS attacks. It proposes simple techniques that permit the out-sourcing of puzzles, that is, their distribution via a robust external service called a bastion. Many servers can rely on puzzles distributed by a single bastion, and, somewhat surprisingly, a bastion need not know which servers rely on its services. Indeed, in one of the constructions a bastion may consist merely of a publicly accessible random data source rather than a special-purpose server. Out-sourcing thus helps eliminate puzzle distribution as a point of compromise. The design has three main advantages over prior approaches. First, it is more resistant to DoS attacks aimed at the puzzle mechanism itself, withstanding over 80% more attack traffic than previous methods in the authors' experiments. Second, the scheme is cheap enough to apply at the IP level, though it also works at higher levels of the protocol stack. Third, it allows clients to solve puzzles offline, reducing the need for users to wait while their computers solve puzzles. The authors present a prototype implementation and experiments that validate these performance claims.

Flooding DoS Attack: A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used with regard to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management. There are two general forms of DoS attacks: those that crash services and those that flood services. One common method of attack involves saturating the target machine with external communication requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented either by forcing the targeted computer(s) to reset, by consuming their resources so that they can no longer provide the intended service, or by obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately. Denial-of-service attacks are considered violations of the IAB's Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations.

A permanent denial-of-service (PDoS), also known loosely as phlashing, is an attack that damages a system so badly that it requires replacement or reinstallation of hardware. Unlike a distributed denial-of-service attack, a PDoS attack exploits security flaws that allow remote administration on the management interfaces of the victim's hardware, such as routers, printers, or other networking hardware. The attacker uses these vulnerabilities to replace a device's firmware with a modified, corrupt, or defective firmware image, a process which, when done legitimately, is known as flashing. This "bricks" the device, rendering it unusable for its original purpose until it can be repaired or replaced. The PDoS is a purely hardware-targeted attack which can be much faster and requires fewer resources than using a botnet in a DDoS attack. Because of these features, and the potential and high probability of security exploits on Network Enabled Embedded Devices (NEEDs), this technique has come to the attention of numerous hacker communities. PhlashDance is a tool created by Rich Smith (an employee of Hewlett-Packard's Systems Security Lab) and used to detect and demonstrate PDoS vulnerabilities at the 2008 EUSecWest Applied Security Conference in London.

GAME THEORY: Game theory is a branch of applied mathematics that is used in the social sciences, most notably in economics, as well as in biology (particularly evolutionary biology and ecology), engineering, political science, international relations, computer science, and philosophy. Game theory attempts to mathematically capture behavior in strategic situations, or games, in which an individual's success in making choices depends on the choices of others. While initially developed to analyze competitions in which one individual does better at another's expense (zero-sum games), it has been expanded to treat a wide class of interactions, which are classified according to several criteria. Today, "game theory is a sort of umbrella or 'unified field' theory for the rational side of social science, where 'social' is interpreted broadly, to include human as well as non-human players (computers, animals, plants)" (Aumann 1987). Traditional applications of game theory attempt to find equilibria in these games. In an equilibrium, each player of the game has adopted a strategy that they are unlikely to change. Many equilibrium concepts have been developed (most famously the Nash equilibrium) in an attempt to capture this idea. These equilibrium concepts are motivated differently depending on the field of application, although they often overlap or coincide. This methodology is not without criticism, and debates continue over the appropriateness of particular equilibrium concepts, the appropriateness of equilibria altogether, and the usefulness of mathematical models more generally. Although some developments occurred before it, the field of game theory came into being with Émile Borel's research in his 1938 book Applications aux Jeux de Hasard, and was followed by the 1944 book Theory of Games and Economic Behavior by John von Neumann and Oskar Morgenstern. This theory was developed extensively in the 1950s by many scholars. Game theory was later explicitly applied to biology in the 1970s, although similar developments go back at least as far as the 1930s. Game theory has been widely recognized as an important tool in many fields. Eight game theorists have won the Nobel Memorial Prize in Economic Sciences, and John Maynard Smith was awarded the Crafoord Prize for his application of game theory to biology.

DATA FLOW DIAGRAM (nodes recovered from the figure): Client sends request -> Efficient server -> Sending puzzle -> Connection establish -> File request -> Sharing data -> Database

MODULES:
o CLIENT REQUEST
o FLOODING DENIAL OF SERVICE ATTACK
o SENDING PUZZLE TO CLIENT
o EFFICIENT SERVER RESPONSE
o FILE REQUEST
o EFFICIENT SERVER SENDS FILE

MODULES DESCRIPTION:

MODULE 1: CLIENT REQUEST: In this module a client system asks the efficient server for a connection; the server accepts the connection so that the two can communicate, and then processes the request received from the client.

MODULE 2: FLOODING DENIAL OF SERVICE ATTACK: In this module the attacker sends a large number (n) of requests to the server in order to slow it down. Because of this, the server is unable to respond to the legitimate client's request.

MODULE 3: SENDING PUZZLE TO CLIENT: In this module the server sends a puzzle to the client, and the client must solve the puzzle within a fixed time. The client sends the solved puzzle back to the efficient server (the defender). The server repeats this process for every client.

MODULE 4: EFFICIENT SERVER RESPONSE: In this module the server verifies the puzzle solution. If the solution is wrong, the server rejects the corresponding client; the efficient server provides a response only to clients that have been authenticated in this way.

MODULE 5: FILE REQUEST: In this module the client asks the main server (the efficient server) for a file (a Word document). The efficient server looks for the requested file in its database and, if the file is found, sends back the port number on which it is served.

MODULE 6: EFFICIENT SERVER SENDS FILE: In this module the efficient server sends the file to the authenticated client. The efficient server creates a mutual connection with the client; after an authenticated connection has been set up, the client can access the server efficiently.

MODULE DIAGRAM:

CLIENT REQUEST:

Client (sending request to efficient server) -> Request -> Efficient server (contains client request)

FLOODING DENIAL OF SERVICE ATTACK:

Client 1 (sending request to server), Client 2 (sending request to server), Client 3 attacker (sending multiple requests to server) -> Efficient server (defender) is busy due to the attacker's requests

SENDING PUZZLE TO CLIENT:

Authorization server (server sends a puzzle to client) -> Client receives puzzle and finds solution (game solution)

EFFICIENT SERVER RESPONSE:

Authorization server (after puzzle solution verification, server sends response) -> Response -> Authorized client

FILE REQUEST:

Client (sending file request to server) -> Authorization server -> File request to database -> Database (contains file)

EFFICIENT SERVER SENDS FILE:

Authorization server (sending requested file to the client) -> Sending file -> Authorized client
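The exchange described in Modules 1 to 6 and in the module diagrams, together with the fine-grained difficulty control discussed under the client-puzzle approach in the literature survey, as an added Python example; this is not code from the original project. It implements a stateless hash puzzle whose difficulty is any expected number of SHA-256 trials (an integer target threshold, used here in place of the surveyed quasi-partial-collision construction, which is not reproduced), an HMAC tag so the server stores nothing until a puzzle has actually been solved, and a constructed scenario in which one honest client obtains a file while a flooding attacker's bare requests, a forged puzzle, a replayed solution, a malformed solution and an expired puzzle are all turned away. The server key, the 30-second lifetime, the field names and the sample file are assumptions of the example.

```python
import hashlib
import hmac
import os
import secrets

# Assumptions of this example, not of the project: one server secret, a 30-second
# puzzle lifetime, difficulty = expected SHA-256 trials for an honest client.
SERVER_KEY = os.urandom(32)
PUZZLE_TTL = 30
SOLUTION_BYTES = 8

def target_for(expected_trials: int) -> int:
    """Threshold a digest must fall below (hit with probability 1/expected_trials).
    Leading-zero-bit puzzles allow only 2, 4, 8, ... trials; an integer target allows
    any value such as 3000, the fine granularity the surveyed work asks for."""
    if expected_trials < 1:
        raise ValueError("expected_trials must be >= 1")
    return (1 << 256) // expected_trials

def _tag(client_id, nonce, work, expiry) -> str:
    # Binds every puzzle field to the server key, so the server stores nothing.
    msg = f"{client_id}|{nonce}|{work}|{expiry}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_puzzle(client_id: str, work: int, now: int) -> dict:
    """Module 3, server side: one HMAC, no per-client state."""
    nonce, expiry = secrets.token_hex(16), now + PUZZLE_TTL
    return {"client_id": client_id, "nonce": nonce, "work": work,
            "expiry": expiry, "tag": _tag(client_id, nonce, work, expiry)}

def _digest(nonce_hex: str, counter: int) -> int:
    raw = bytes.fromhex(nonce_hex) + counter.to_bytes(SOLUTION_BYTES, "big")
    return int.from_bytes(hashlib.sha256(raw).digest(), "big")

def solve_puzzle(puzzle: dict, max_trials: int = 1 << 24) -> int:
    """Module 3, client side: find a counter whose digest is below the target."""
    target = target_for(puzzle["work"])
    for counter in range(max_trials):
        if _digest(puzzle["nonce"], counter) < target:
            return counter
    raise RuntimeError("no solution within max_trials")

class EfficientServer:
    def __init__(self, files: dict, work: int):
        self.files, self.work = files, work
        self.seen_nonces = set()    # the only state; entries can be dropped at expiry
        self.challenges_issued = self.rejected = self.files_served = 0

    def verify(self, puzzle: dict, solution, now: int) -> bool:
        """Module 4: cheapest checks first, so a bogus request costs about one HMAC."""
        try:
            nonce, work, expiry = str(puzzle["nonce"]), int(puzzle["work"]), int(puzzle["expiry"])
            ok = hmac.compare_digest(_tag(puzzle["client_id"], nonce, work, expiry), str(puzzle["tag"]))
        except (KeyError, TypeError, ValueError):
            return False                                # not a puzzle this server issued
        if not ok:
            return False                                # forged or tampered puzzle
        if not isinstance(solution, int) or not 0 <= solution < 1 << (8 * SOLUTION_BYTES):
            return False                                # malformed solution
        if now > expiry:
            return False                                # expired: no precomputed stockpile
        if nonce in self.seen_nonces:
            return False                                # replayed solution
        if _digest(nonce, solution) >= target_for(work):
            return False                                # wrong answer
        self.seen_nonces.add(nonce)
        return True

    def handle_request(self, client_id, filename, now, puzzle=None, solution=None):
        """Modules 1, 2, 5 and 6: a request without a solved puzzle earns only a puzzle."""
        if puzzle is None or solution is None:
            self.challenges_issued += 1
            return "puzzle", issue_puzzle(client_id, self.work, now)
        if not self.verify(puzzle, solution, now):
            self.rejected += 1
            return "rejected", None
        self.files_served += 1
        return "file", self.files.get(filename)

def simulate(flood_requests=500, work=2048, now=1_000_000) -> dict:
    """Constructed scenario: one honest client, a flooding attacker, four cheats."""
    server = EfficientServer({"report.doc": b"constructed sample file contents"}, work)
    _, puzzle = server.handle_request("client-1", "report.doc", now)
    solution = solve_puzzle(puzzle)
    kind, data = server.handle_request("client-1", "report.doc", now + 2, puzzle, solution)
    for i in range(flood_requests):                        # Module 2: bare requests, no work
        server.handle_request(f"attacker-{i}", "report.doc", now + 1)
    server.handle_request("attacker", "report.doc", now + 2, dict(puzzle, work=1), 0)  # forged
    server.handle_request("attacker", "report.doc", now + 3, puzzle, solution)          # replay
    server.handle_request("attacker", "report.doc", now + 4, puzzle, -1)                # malformed
    _, late = server.handle_request("client-2", "report.doc", now)
    server.handle_request("client-2", "report.doc", now + PUZZLE_TTL + 1, late, solve_puzzle(late))
    return {"legit_got_file": kind == "file" and data is not None,
            "files_served": server.files_served, "rejected": server.rejected,
            "challenges_issued": server.challenges_issued, "state_held": len(server.seen_nonces)}
```

Running simulate() serves exactly one file and rejects the four cheats, while the 500 bare attack requests cost the server one HMAC each and leave it holding a single nonce; a puzzle protects only the resources spent after the check, so the attacker's bandwidth and the honest client's 2048 expected hashes are costs the puzzle itself imposes, which is the trade-off the game-theoretic analysis below is meant to balance.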

ALGORITHM: DEFENSE STRATEGIES
o Open-loop solutions
o Closed-loop solutions

DEFENSE STRATEGIES: The solution concepts of infinitely repeated games with discounting are used to design the optimum puzzle-based defense strategies against flooding attacks. In general, the strategies prescribed by such solutions fall into two categories: history-independent (open-loop) and history-dependent (closed-loop).

Open-Loop Solutions: In an open-loop strategy, the action profiles adopted in previous periods play no part in a player's decision in the current period. More formally, in the repeated game of the client-puzzle approach.

Closed-Loop Solutions: However, there are many payoff vectors in the convex hull of the feasible payoffs that give the defender a greater payoff than the open-loop solution. A natural question therefore arises: is there a better, fair solution to the game that results in a greater payoff to the defender? As is proven for repeated games of perfect information (the folk theorem), a large subset of the convex hull consists of payoff vectors that can be supported by perfect Nash equilibria, provided that suitable closed-loop strategies are adopted.
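A worked instance of the open-loop and closed-loop solution concepts above, and of the prescriptive use of the Nash equilibrium described in the introduction, as an added Python example that is not from the paper: the action sets, payoff functions and all numbers are constructed assumptions for illustration, not the paper's model. The stage game pits the defender's choice of puzzle difficulty against the attacker's request rate. Pure Nash equilibria are found by brute-force best-response checks; the prescriptive check asks whether the equilibrium load exhausts the server; the open-loop value is the discounted repetition of the stage equilibrium; and the closed-loop check computes the smallest discount factor at which a profile that pays both players more than the equilibrium can be sustained by reverting to the equilibrium forever after any deviation (Nash reversion).

```python
from fractions import Fraction as Fr

# Constructed stage game for one period of the repeated game. Every number here is
# an illustrative assumption of this example, not a payoff function from the paper.
DIFFICULTIES = [1, 64, 256, 1024]   # defender's actions: expected hash trials per puzzle
RATES = [0, 50, 100, 500, 2000]     # attacker's actions: requests attempted per period
BUDGET = 100_000                    # hash trials the attacker can afford per period
LEGIT_USERS = 100                   # legitimate requests per period
CAPACITY = 600                      # requests the server can serve per period
GAIN = Fr(1)                        # attacker's value per attack request admitted
TRIAL_COST = Fr(1, 2000)            # attacker's cost per hash trial
ATTEMPT_COST = Fr(1, 100)           # attacker's cost per request sent
LEGIT_TRIAL_COST = Fr(1, 40000)     # defender's cost per trial imposed on each legit user
OUTAGE_PENALTY, OUTAGE_BONUS = 1000, 500   # applied when load exceeds CAPACITY

def admitted(d, r):
    """Attack requests that arrive with a correct solution: the attacker cannot
    solve more puzzles than its budget allows."""
    return min(r, BUDGET // d)

def exhausted(d, r):
    return admitted(d, r) + LEGIT_USERS > CAPACITY

def attacker_payoff(d, r):
    a = admitted(d, r)
    return a * (GAIN - TRIAL_COST * d) - ATTEMPT_COST * r + (OUTAGE_BONUS if exhausted(d, r) else 0)

def defender_payoff(d, r):
    legit_cost = LEGIT_USERS * d * LEGIT_TRIAL_COST      # harder puzzles hurt honest clients too
    return -admitted(d, r) - legit_cost - (OUTAGE_PENALTY if exhausted(d, r) else 0)

def pure_nash(difficulties=DIFFICULTIES, rates=RATES):
    """All pure-strategy Nash equilibria: each action is a best response to the other."""
    eq = []
    for d in difficulties:
        for r in rates:
            d_best = max(defender_payoff(x, r) for x in difficulties)
            r_best = max(attacker_payoff(d, y) for y in rates)
            if defender_payoff(d, r) == d_best and attacker_payoff(d, r) == r_best:
                eq.append((d, r))
    return eq

def equilibrium_exhausts(difficulties=DIFFICULTIES, rates=RATES):
    """Prescriptive check from the introduction: does the attacker's equilibrium
    strategy exhaust the defender's capacity? The defender adjusts the difficulty
    levels on offer until the answer is False for every equilibrium."""
    return [(d, r, exhausted(d, r)) for d, r in pure_nash(difficulties, rates)]

def discounted_value(stage_payoff, delta):
    """Open-loop solution: the stage-game equilibrium is replayed every period."""
    return stage_payoff / (1 - delta)

def min_discount_factor(coop, deviation, punishment):
    """Smallest delta at which reverting to the stage NE forever deters a one-period
    deviation: coop/(1-delta) >= deviation + delta*punishment/(1-delta)."""
    if punishment >= coop:
        return None                 # the threat does not hurt, so nothing is enforceable
    if deviation <= coop:
        return Fr(0)                # no gain from deviating, any delta works
    return (deviation - coop) / (deviation - punishment)

def closed_loop_support(coop, ne, difficulties=DIFFICULTIES, rates=RATES):
    """Closed-loop solution: can a profile outside the NE be sustained by
    history-dependent strategies that punish a deviation with the NE?"""
    d, r = coop
    nd, nr = ne
    att_dev = max(attacker_payoff(d, y) for y in rates)       # best one-shot deviation
    def_dev = max(defender_payoff(x, r) for x in difficulties)
    return {
        "pareto_improves": attacker_payoff(d, r) > attacker_payoff(nd, nr)
                           and defender_payoff(d, r) > defender_payoff(nd, nr),
        "attacker_min_delta": min_discount_factor(attacker_payoff(d, r), att_dev, attacker_payoff(nd, nr)),
        "defender_min_delta": min_discount_factor(defender_payoff(d, r), def_dev, defender_payoff(nd, nr)),
    }

if __name__ == "__main__":
    print("pure NE:", pure_nash())                                  # [(1024, 100)]
    print("exhausts?", equilibrium_exhausts())                      # [(1024, 100, False)]
    print("only low difficulties:", equilibrium_exhausts([1, 64]))  # [(64, 2000, True)]
    print("closed loop (d=1, r=50):", closed_loop_support((1, 50), (1024, 100)))
```

With the four difficulty levels the unique pure equilibrium is (1024 trials, 100 requests) and the equilibrium load of 197 requests stays below the capacity of 600; restricting the defender to the levels {1, 64} moves the equilibrium to (64, 2000), which does exhaust the server, which is exactly the kind of parameter adjustment the introduction prescribes. The cooperative profile (1, 50) pays both players strictly more than the equilibrium, but the attacker's one-shot gain from flooding at low difficulty is so large that the closed-loop threat only deters it for discount factors above about 0.9987; the defender, whose best reply to a rate of 50 is already difficulty 1, has no incentive to deviate at any discount factor.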

SYSTEM DESIGN:

USE CASE DIAGRAM (actors and use cases recovered from the figure): actors Client, Efficient server and Attacker; use cases Request, Puzzle, Sending puzzle to client, Solution from client, Sending requested file.

CLASS DIAGRAM:

STATE DIAGRAM (states recovered from the figure): Efficient client -> Efficient server -> Sending puzzle -> Authentication connection -> Sending file to client

SEQUENCE DIAGRAM (lifelines Efficient client, Efficient server, Attackers; messages recovered from the figure): Request -> Sending puzzle (to the client) and Sending puzzle (to the attackers) -> Accurate solution (from the client) and Incorrect solution (from the attackers) -> Authenticated connection -> File request -> Send file to client

COLLABORATION DIAGRAM (numbered messages recovered from the figure):
1: Request (efficient client -> efficient server)
2: Request (attackers -> efficient server)
3: Sending puzzle (efficient server -> efficient client)
4: Sending puzzle (efficient server -> attackers)
5: Accurate solution (efficient client -> efficient server)
6: Incorrect solution (attackers -> efficient server)
7: Authenticated connection (efficient server -> efficient client)
8: File request (efficient client -> efficient server)
9: Send file to client (efficient server -> efficient client)

COMPONENT MODEL (components recovered from the figure): Attackers, Efficient server, Efficient client

SYSTEM ARCHITECTURE (nodes recovered from the figure): Efficient client 1, Efficient client 2 and the Attackers send requests to the Efficient server, which sends a puzzle for each requested file and rejects the attackers; the Efficient server sends files, backed by a Primary database and a Secondary database.

APPLICATIONS: File sharing in a network.

ADVANTAGES:
o The puzzle parameters are chosen using game theory, so that even the attacker's best (equilibrium) strategy cannot exhaust the defender's resources.
o Without solving the puzzles, an attacker's requests are rejected before they consume server resources, so the attacker cannot mount an intense attack.

CONCLUSION: This paper utilizes game theory to propose a number of puzzle-based defenses against flooding attacks. It is shown that the interactions between an attacker who launches a flooding attack and a defender who counters the attack with a puzzle-based defense can be modeled as an infinitely repeated game with discounted payoffs. The solution concepts of this type of game are then deployed to find the solutions, i.e., the best strategy a rational defender can adopt in the face of a rational attacker. In this way, the optimal puzzle-based defense strategies are developed.

REFERENCE OR BIBLIOGRAPHY:

D. Moore, C. Shannon, D.J. Brown, G.M. Voelker, and S. Savage, "Inferring Internet Denial-of-Service Activity," ACM Trans. Computer Systems, vol. 24, no. 2, pp. 115-139, May 2006.

A. Hussain, J. Heidemann, and C. Papadopoulos, "A Framework for Classifying Denial of Service Attacks," Proc. ACM SIGCOMM '03, pp. 99-110, 2003.

A.R. Sharafat and M.S. Fallah, "A Framework for the Analysis of Denial of Service Attacks," The Computer J., vol. 47, no. 2, pp. 179-192, Mar. 2004.

C.L. Schuba, I.V. Krsul, M.G. Kuhn, E.H. Spafford, A. Sundaram, and D. Zamboni, "Analysis of a Denial of Service Attack on TCP," Proc. 18th IEEE Symp. Security and Privacy, pp. 208-223, 1997.

"Smurf IP Denial-of-Service Attacks," CERT Coordination Center, Carnegie Mellon Univ., 1998.
