@inproceedings{3465dd7e8a894f16aa1f9e58449a7917,
title = "Revisiting Client Puzzles for State Exhaustion Attacks Resilience",
abstract = "In this paper, we address the challenges facing the adoption of client puzzles as a means to protect the TCP connection establishment channel from state exhaustion DDoS attacks. We model the problem of selecting the puzzle difficulties as a Stackelberg game with the server as the leader and the clients as the followers and obtain the equilibrium solution for the puzzle difficulty. We then present an implementation of client puzzles inside the TCP stack of the Linux 4.13.0 kernel. We evaluate the performance of our implementation and the obtained solution against a range of attacks through reproducible experiments on the DETER testbed. Our results show that client puzzles are effective at boosting the tolerance of the TCP handshake channel to state exhaustion DDoS attacks by rate limiting malicious attackers while allocating resources for legitimate clients.",
keywords = "Denial of Service Attacks, Proof-of-Work, Stackelberg Games, TCP",
author = "Noureddine, {Mohammad A.} and Fawaz, {Ahmed M.} and Amanda Hsu and Cody Guldner and Sameer Vijay and Tamer Basar and Sanders, {William H.}",
note = "Publisher Copyright: {\textcopyright} 2019 IEEE.; 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019 ; Conference date: 24-06-2019 Through 27-06-2019",
year = "2019",
month = jun,
doi = "10.1109/DSN.2019.00067",
language = "English (US)",
series = "Proceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "617--629",
booktitle = "Proceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019",
address = "United States",
}