Shuangke Wu,Yanjiao Chen,Minghui Li,Xiangyang Luo,Zhe Liu,Lan Liu

DOI: https://doi.org/10.1109/tnet.2020.2973410

2020-01-01

Abstract:Mining pools have become dominant in today's bitcoin mining network, where miners can pool their powers together for reduced variance of block mining and steadier stream of potential income. Along with the continuous evolvement of mining pools are the increasingly intense competitions among them. Recent empirical studies have shown that the distributed denial-of-service (DDoS) attack is one of the most common ways for competing mining pools to sabotage the rivals and earn illegitimate rewards. Existing efforts have been made on using static game models to analyze the interactions between mining pools, and derive the Nash Equilibrium and optimal attacking strategies in a one-time static context. To better understand the impact of such DDoS attacks, in this paper, we take a starkly different approach, and for the first time address the dynamics in mining pool attacks. Specifically, we start by formulating the interactive competition among mining pools as a general-sum stochastic game. Then we propose an efficient Nash learning algorithm to obtain the near optimal attacking strategy that maximizes the expected long-term utility. Our theoretical analysis and extensive experimental results both show that the proposed strategy outperforms the baseline myopic learning algorithm, which only aims at maximizing the revenue in the current time stage. These findings, together with our proposed stochastic game model and learning algorithm, are expected to provide more practical guidelines for mining pools to survive and thrive in the highly-competitive bitcoin ecosystem.

Xiang Chen,Hongyan Liu,Tingxin Sun,Qun Huang,Dong Zhang,Xuan Liu,Boyang Zhou,Haifeng Zhou,Chunming Wu

DOI: https://doi.org/10.1109/infocom53939.2023.10229080

2023-01-01

Abstract:To date, security researchers evaluate their solutions of mitigating denial-of-service (DDoS) attacks via kernel-based or kernel-bypassing testing tools. However, kernel-based tools exhibit poor scalability in attack traffic generation while kernel-bypassing tools result in unacceptable monetary cost. We propose Excalibur, a scalable and low-cost testing framework for DDoS defense solutions. The key idea is to leverage the programmable switch to perform testing tasks with Tbps-level scalability and low cost. Specifically, Excalibur coordinates both a server and a programmable switch to jointly perform testing tasks. It realizes flexible attack traffic generation, which requires a large number of resources, in the server while using the switch to increase the sending rate of attack traffic to Tbps-level. Our experiments on a 64×100Gbps Tofino switch show that Excalibur achieves orders-of-magnitude higher scalability and lower cost than existing tools.

Xiang Chen,Hongyan Liu,Qun Huang,Dong Zhang,Haifeng Zhou,Chunming Wu,Xuan Liu

DOI: https://doi.org/10.1109/tnet.2023.3281449

2024-01-01

Abstract:To date, security researchers evaluate their solutions of mitigating distributed denial-of-service (DDoS) attacks via kernel-based or kernel-bypassing testing tools. However, kernelbased tools exhibit poor scalability in attack traffic generation while kernel-bypassing tools incur unacceptable monetary cost. We propose Excalibur, a scalable and low-cost testing framework for evaluating DDoS defense solutions. The key idea is to leverage the emerging programmable switch to empower testing tasks with Tbps-level scalability and low cost. Specifically, Excalibur offers intent-based primitives to enable academic researchers to customize testing tasks on demand. Moreover, in view of switch resource limitations, Excalibur coordinates both a server and a programmable switch to jointly perform testing tasks. It realizes flexible attack traffic generation, which requires a large number of resources, in the server while using the switch to increase the sending rate of attack traffic to Tbps-level. We have implemented Excalibur on a 64 x 100 Gbps Tofino switch. Our experiments on a 64 x 100 Gbps Tofino switch show that Excalibur achieves orders-of-magnitude higher scalability and lower cost than existing tools.

Jin Liu,Hefei Ling,Fuhao Zou,Wei Qi Yan,Zhengding Lu

DOI: https://doi.org/10.4018/jdcf.2010100103

2010-01-01

International Journal of Digital Crime and Forensics

Abstract:This paper proposes a technique to defeat Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks in Ad Hoc Networks. The technique is divided into two main parts and with game theory and cryptographic puzzles. Introduced first is a new client puzzle to prevent DoS attacks in such networks. The second part presents a multiplayer game that takes place between the nodes of an ad hoc network and based on fundamental principles of game theory. By combining computational problems with puzzles, improvement occurs in the efficiency and latency of the communicating nodes and resistance in DoS and DDoS attacks. Experimental results show the effectiveness of the approach for devices with limited resources and for environments like ad hoc networks where nodes must exchange information quickly.

Jiajun Shen,Dongqin Feng

DOI: https://doi.org/10.1155/2016/4147251

2016-01-01

Journal of Control Science and Engineering

Abstract:With the development of industrial informatization, the industrial control network has gradually become much accessible for attackers. A series of vulnerabilities will therefore be exposed, especially the vulnerability of exclusive industrial communication protocols (ICPs), which has not yet been attached with enough emphasis. In this paper, stochastic game theory is applied on the vulnerability analysis of clock synchronization protocol (CSP), one of the pivotal ICPs. The stochastic game model is built strictly according to the protocol with both Man-in-the-Middle (MIM) attack and dependability failures being taken into account. The situation of multiple attack routes is considered for depicting the practical attack scenarios, and the introduction of time aspect characterizes the success probabilities of attackers actions. The vulnerability analysis is then realized through determining the optimal strategies of attacker under different states of system, respectively.

Zhen Cao,Xia Zhou,Maoxing Xu,Zhong Chen,Jianbin Hu,Liyong Tang

DOI: https://doi.org/10.1109/WiCOM.2006.248

2006-01-01

Abstract:In this paper we propose a reputation based client puzzle scheme included in a security framework to enhance base station security against Denial-of-Service attacks in the scenario of wireless sensor network. Through flexibly adjusting the difficulty level of puzzle according to each node's reputation value, we make malicious nodes with low reputation value face harder puzzle, rendering their attacks tougher while limiting extra overhead to normal nodes. We analyze our security framework in the specific case of SPINS, and conduct simulation to evaluate its effectiveness.

Luca Arnaboldi,Charles Morrisset

DOI: https://doi.org/10.1007/978-3-319-68063-7_16

2017-10-30

Abstract:Denial of Service (DoS) attacks constitute a major security threat to today's Internet. This challenge is especially pertinent to the Internet of Things (IoT) as devices have less computing power, memory and security mechanisms to mitigate DoS attacks. This paper presents a model that mimics the unique characteristics of a network of IoT devices, including components of the system implementing `Crypto Puzzles' - a DoS mitigation technique. We created an imitation of a DoS attack on the system, and conducted a quantitative analysis to simulate the impact such an attack may potentially exert upon the system, assessing the trade off between security and throughput in the IoT system. We model this through stochastic model checking in PRISM and provide evidence that supports this as a valuable method to compare the efficiency of different implementations of IoT systems, exemplified by a case study.

Cryptography and Security

Aydin Abadi,Dan Ristea,Steven J. Murdoch

2023-08-03

Abstract:Time-Lock Puzzles (TLPs) are cryptographic protocols that enable a client to lock a message in such a way that a server can only unlock it after a specific time period. However, existing TLPs have certain limitations: (i) they assume that both the client and server always possess sufficient computational resources and (ii) they solely focus on the lower time bound for finding a solution, disregarding the upper bound that guarantees a regular server can find a solution within a certain time frame. Additionally, existing TLPs designed to handle multiple puzzles either (a) entail high verification costs or (b) lack generality, requiring identical time intervals between consecutive solutions. To address these limitations, this paper introduces, for the first time, the concept of a "Delegated Time-Lock Puzzle" and presents a protocol called "Efficient Delegated Time-Lock Puzzle" (ED-TLP) that realises this concept. ED-TLP allows the client and server to delegate their resource-demanding tasks to third-party helpers. It facilitates real-time verification of solution correctness and efficiently handles multiple puzzles with varying time intervals. ED-TLP ensures the delivery of solutions within predefined time limits by incorporating both an upper bound and a fair payment algorithm. We have implemented ED-TLP and conducted a comprehensive analysis of its overheads, demonstrating the efficiency of the construction.

Cryptography and Security

Linzhi Jiang,Chunxiang Xu,Xiaofang Wang,Yanghong Zhou

DOI: https://doi.org/10.1109/HPCC-CSS-ICESS.2015.148

2015-01-01

Abstract:Network security protocol design is important aspect of network security research. DoS/DDoS is very serious attack in wired and wireless network. DoS/DDoS attack depletes memory/cpu of service provider, so legitimate user can't gain normal service. According to anti-DoS attack strategy of network security protocols, we give and discuss three mechanisms (stateless connection, Fail-together and Subset Sum Client-Puzzle) on design of a key exchange protocol against denial of service attack for ISO/IEC1170-3 key exchange protocol. Subset Sum Client-Puzzle has simple structure, Non-Parallelizable speciality and fast verification. N Subset Sum Client-Puzzles' difficulties are sum of n Subset Sum Client-Puzzle's difficulty. Based on analysis of new key exchange protocol, we compare initiator and responder for computation resource, memory depletion and anti-DoS/DDoS. ISO/IEC1170-3 key exchange protocol on Subset Sum Client Puzzle, which is non-parallelizable, easy construction and verification, has the good property against DoS/DDoS attack. It provides a very good reference for network security protocol design with anti-DoS/DDoS attack.

Yossi Gilad,Amir Herzberg

DOI: https://doi.org/10.48550/arXiv.1208.2357

2012-08-11

Abstract:We present a new type of clogging DoS attacks, with the highest amplification factors achieved by off-path attackers, using only puppets, i.e., sandboxed malware on victim machines. Specifically, we present off-path variants of the Opt-ack, Ack-storm and Coremelt DoS attacks, achieving results comparable to these achieved previously achieved by eavesdropping/MitM attackers and (unrestricted) malware. In contrast to previous off-path attacks, which attacked the client (machine) running the malware, our attacks address a very different goal: large-scale clogging DoS of a third party, or even of backbone connections. Our clogging attacks are based on off-path TCP injections. Indeed, as an additional contribution, we present improved off-path TCP injection attacks. Our new attacks significantly relax the requirements cf. to the known attacks; specifically, our injection attack requires only a Java script in browser sandbox (not 'restricted malware'), does not depend on specific operating system properties, and is efficient even when client's port is determined using recommended algorithm. Our attacks are constructed modularly, allowing reuse of modules for other scenarios and replacing modules as necessary. We present specific defenses, however, this work is further proof to the need to base security on sound foundations, using cryptography to provide security even against MitM attackers.

Cryptography and Security

Saravanan Kumarasamy,R. Asokan

DOI: https://doi.org/10.5121/ijcseit.2011.1504

2012-01-10

Abstract:Pushback is a mechanism for defending against Distributed Denial-of-Service (DDoS) attacks. DDoS attacks are treated as a congestion-control problem, but because most such congestion is caused by malicious hosts not obeying traditional end-to-end congestion control, the problem must be handled by the routers. Functionality is added to each router to detect and preferentially drop packets that probably belong to an attack. Upstream routers are also notified to drop such packets in order that the router's resources be used to route legitimate traffic hence term pushback. Client puzzles have been advocated as a promising countermeasure to DoS attacks in the recent years. In order to identify the attackers, the victim server issues a puzzle to the client that sent the traffic. When the client is able to solve the puzzle, it is assumed to be authentic and the traffic from it is allowed into the server. If the victim suspects that the puzzles are solved by most of the clients, it increases the complexity of the puzzles. This puzzle solving technique allows the traversal of the attack traffic throughout the intermediate routers before reaching the destination. In order to attain the advantages of both pushback and puzzle solving techniques, a hybrid scheme called Router based Pushback technique, which involves both the techniques to solve the problem of DDoS attacks is proposed. In this proposal, the puzzle solving mechanism is pushed back to the core routers rather than having at the victim. The router based client puzzle mechanism checks the host system whether it is legitimate or not by providing a puzzle to be solved by the suspected host.

Cryptography and Security

Yong-Hao Zou,Jia-Ju Bai,Jielong Zhou,Jiangfeng Tan,Chenggang Qin,Shi-Min Hu

2021-01-01

Abstract:TCP stacks provide reliable data transmission in network, and thus they should be correctly implemented and well tested to ensure reliability and security. However, testing TCP stacks is difficult. First, a TCP stack accepts packets and system calls that have dependencies between each other, and thus generating effective test cases is challenging. Second, a TCP stack has various complex state transitions, but existing testing approaches target covering states instead of covering state transitions, and thus their testing coverage is limited. Finally, our study of TCP stack commits shows that 87% of bug-fixing commits are related to semantic bugs (such as RFC violations), but existing bug sanitizers can detect only memory bugs not semantic bugs. In this paper, we design a novel fuzzing framework named TCP-Fuzz, to effectively test TCP stacks and detect bugs. TCP-Fuzz consists of three key techniques: (1) a dependencybased strategy that considers dependencies between packets and system calls, to generate effective test cases; (2) a transition-guided fuzzing approach that uses a new coverage metric named branch transition as program feedback, to improve the coverage of state transitions; (3) a differential checker that compares the outputs of multiple TCP stacks for the same inputs, to detect semantic bugs. We have evaluated TCP-Fuzz on five widely-used TCP stacks (TLDK, F-Stack, mTCP, FreeBSD TCP and Linux TCP), and find 56 real bugs (including 8 memory bugs and 48 semantic bugs). 40 of these bugs have been confirmed by related developers.

Yibo Wang,Yuzhe Tang,Kai Li,Wanning Ding,Zhihua Yang

2024-06-21

Abstract:In blockchains, mempool controls transaction flow before consensus, denial of whose service hurts the health and security of blockchain networks. This paper presents MPFUZZ, the first mempool fuzzer to find asymmetric DoS bugs by symbolically exploring mempool state space and optimistically estimating the promisingness an intermediate state is in reaching bug oracles. Compared to the baseline blockchain fuzzers, MPFUZZ achieves a > 100x speedup in finding known DETER exploits. Running MPFUZZ on six major Ethereum clients leads to the discovering of new mempool vulnerabilities, which exhibit a wide variety of sophisticated patterns including stealthy mempool eviction and mempool locking. Rule-based mitigation schemes are proposed against newly discovered vulnerabilities.

Cryptography and Security

张兆心,张冰,方滨兴,胡萍,李斌

DOI: https://doi.org/10.3321/j.issn:1000-436x.2009.12.001

2009-01-01

Abstract:Through deeply analyzing on the principle,mode,character of DoS and the DoS attack faced by SIP network, combining with the state transferring of intrusion tolerance,the idea of Client Puzzle,the character of SIP session,SIP network and SIP proxy server,put forward the SIP intrusion tolerence mode based on state transferring,and designed the testbed to test the ability of resisting DoS attack.The experiment result prove that this model can effectively resist the DoS attack including aiming at computing ability,waiting time,and flood,which improve the ability of SIP server on resisting DoS attack and the usablity of SIP network.

Dong Wang,Peilin Jia,Jie Lian,Xinyu Pei

DOI: https://doi.org/10.1109/tcns.2022.3225282

IF: 4.347

2022-01-01

IEEE Transactions on Control of Network Systems

Abstract:This study investigates a denial-of-service (DoS) attack strategy against cyber-physical systems (CPS) under energy constraints. A DoS attacker with eavesdropping ability under a limited energy budget was considered. By scheduling the attack behavior based on historical attack results, the attacker aims to maximize the state estimation error of the CPS. A novel DoS attack strategy with pause and restart rules was proposed, in which the attacker pauses the attack for a while to restore energy after a failed attack attempt. The restart rule was described based on Markov chain modeling of the attacking period. The transition matrix and stationary distribution of the Markov chain model were also presented. To maximize the attack effect, the optimal restart rule of the proposed strategy was investigated. Finally, it was proven that the proposed attack strategy in this study is more destructive than the periodic attack strategy, and simulations were provided to verify our theoretical results.

computer science, information systems,automation & control systems

Chunyang Qi,Jie Huang,Cheng Huang,Huaqing Wu,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/globecom48099.2022.10000946

2022-01-01

Abstract:IoTs generally rely on resource-constrained devices to sense, relay, and collect data, which are highly vulnerable to Distributed-Denial-of-Services (DDOS) attacks on network throughput. In this paper, we propose a trust-based method to optimize the network throughput of IoTs under DDOS attacks. Specifically, with the assistance of a small number of dedicatedly deployed defense nodes as defenders, a network controller can first measure the behavior of other IoT nodes and categorize them into three types (i.e., innocent, selfish, and attack) through a well-designed trust evaluation model. Then, a Stackelberg game model is constructed accordingly, where defenders are leaders and other nodes are followers. We carefully define the utilities of the leaders and the followers in the game, and transform the optimization problem of the network throughput into the maximization problem of the defenders' utilities considering the utilities of the followers. We adopt the Dinkelbach Programming (DP)-based algorithm to solve the maximization problem such that a Stackelberg equilibrium can be reached with optimized network throughput. Extensive simulations are performed to demonstrate that the proposed defense method can significantly increase the IoT network throughput under different DDOS attack intensities.

C. Sun,C. Hu,B. Liu

DOI: https://doi.org/10.1049/iet-ifs.2010.0158

2012-01-01

IET Information Security

Abstract:SYN flood attacks still dominate distributed denial of service attacks. It is a great challenge to accurately detect the SYN flood attacks which utilise skillful spoofs to evade traditional detection methods. An intelligent attacker would evade the public detection methods by suitably spoofing the attack to appear benign. Keeping per-flow or per-connection state could eliminate such a spoofing, but meanwhile, it is very difficult to be implemented in practice. A more accurate and fast SYN flood detection method, named SACK2, is proposed to deal with all kinds of SYN flood attacks with limited implementation costs. SACK2 exploits the behaviour of the SYN/ACK-CliACK pair to identify the victim server and the TCP port being attacked, where a SYN/ACK packet is sent by a server when receiving a connection request and a CliACK packet is the ACK packet sent by the client to complete the three-way handshake. It also utilises the space efficient data structure, counting Bloom filter, to recognise the CliACK packet. The memory cost of SACK2 for a 10 Gbps link is 364 KB and can be easily accommodated in modern routers. SACK2 can report the start of the attack in less than one detection period, and the end of the attack less than two detection periods. It is also demonstrated that SACK2 is the most accurate detection method through comprehensive experiments.

Zhuping Wang,Haoyu Shen,Hao Zhang,Sheng Gao,Huaicheng Yan

DOI: https://doi.org/10.1016/j.ins.2023.119134

IF: 8.1

2023-01-01

Information Sciences

Abstract:In this paper, the optimal DoS attack on cyber-physical systems is studied in Stackelberg game framework, which is manifested by energy allocation on communication channels. To give a realistic picture of DoS attack on a normal user launched by several hackers, a Stackelberg game between one defender and multiple attackers is considered. Compared with the existing literature, which mainly focus on equilibrium in static games, the dynamic process of the Stackelberg game is also reflected in this paper, which demonstrates the intelligence of attackers switching channels to allocate aggressive energy. In the solution of Stackelberg equilibrium, self-adaptive Particle Swarm Optimization (PSO) algorithm is utilized to cope with the nonlinearity of the reward function. Besides, for the purpose of better performance of both sides in choosing channels to allocate energy, an online computation algorithm is proposed. Finally, numerical examples are equipped to illustrate the theoretical results proved in this work.

Jiachen Wu,Jipeng Li,Yan Wang,Yanru Zhang,Yingjie Zhou

DOI: https://doi.org/10.1109/MSN50589.2020.00060

2020-01-01

Abstract:Recent detection method based on machine learning demonstrates significant advantages against varieties of network attacks, and has been widely deployed in cloud applications. However, novel attacks such as Advanced Persistent Threats (APTs) could evade detection of the intrusion detection system, which may lead to serious data leakage in cloud. Existing methods studied the countermeasures to defend against evasion attacks. However, a cloud service provider (CSP) also have to balance between its expect revenue and the security risk of system with limited resources. In this paper, we present the CSP’s optimal strategy for effective and safety operation, in which the CSP decides the size of users that the cloud service will provide and whether enhanced countermeasures will be conducted for discovering the possible evasion attacks. While the CSP tries to optimize its profit by carefully making a two-step decision of the defense plan and service scale, the attacker considers its expected revenue to launch evasion attacks or not. To obtain insights of such a highly coupled system, we consider a system with one CSP and one attacker with two attack choices of whether to launch an evasion attack. We propose a two-stage Stackelberg game, in which the CSP acts as the leader who decides the defense plan and service scale in Stage I, and the attacker acts as the follower that determines whether to make evasion attacks in Stage II. We derive the Nash Equilibrium by analyzing the attacker’s choices under different scenarios that the CSP selects. Then, we provide the CSP’s optimal strategies to maximize its revenue. The simulation results help to better understand the CSP’s optimal solutions under different situations.