@inproceedings{3465dd7e8a894f16aa1f9e58449a7917,
title = "Revisiting Client Puzzles for State Exhaustion Attacks Resilience",
abstract = "In this paper, we address the challenges facing the adoption of client puzzles as a means to protect the TCP connection establishment channel from state exhaustion DDoS attacks. We model the problem of selecting the puzzle difficulties as a Stackelberg game with the server as the leader and the clients as the followers and obtain the equilibrium solution for the puzzle difficulty. We then present an implementation of client puzzles inside the TCP stack of the Linux 4.13.0 kernel. We evaluate the performance of our implementation and the obtained solution against a range of attacks through reproducible experiments on the DETER testbed. Our results show that client puzzles are effective at boosting the tolerance of the TCP handshake channel to state exhaustion DDoS attacks by rate limiting malicious attackers while allocating resources for legitimate clients.",
keywords = "Denial of Service Attacks, Proof-of-Work, Stackelberg Games, TCP",
author = "Noureddine, {Mohammad A.} and Fawaz, {Ahmed M.} and Amanda Hsu and Cody Guldner and Sameer Vijay and Tamer Basar and Sanders, {William H.}",
note = "Acknowledgments. We are grateful for the thoughtful comments and suggestions offered by our shepherd, Doug Blough, and the anonymous reviewers. We would like to thank Jenny Applequist for her editorial comments. This material is based upon work supported in part by the Department of Energy under Award Number DE-OE0000780, in part by the Office of Naval Research (ONR) MURI Grant N00014-16-1-2710, and in part by US Army Research Laboratory (ARL) Cooperative Agreement W911NF-17-2-0196. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.; 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019 ; Conference date: 24-06-2019 Through 27-06-2019",
year = "2019",
month = jun,
doi = "10.1109/DSN.2019.00067",
language = "English (US)",
series = "Proceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "617--629",
booktitle = "Proceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019",
address = "United States",
}