Bankrupting DoS Attackers Despite Uncertainty

by   Trisha Chakraborty, et al.

On-demand provisioning in the cloud allows for services to remain available despite massive denial-of-service (DoS) attacks. Unfortunately, on-demand provisioning is expensive and must be weighed against the costs incurred by an adversary. This leads to a recent threat known as economic denial-of-sustainability (EDoS), where the cost for defending a service is higher than that of attacking. A natural approach for combating EDoS is to impose costs via resource burning (RB). Here, a client must verifiably consume resources – for example, by solving a computational challenge – before service is rendered. However, prior approaches with security guarantees do not account for the cost on-demand provisioning. Another valuable defensive tool is to use a classifier in order to discern good jobs from a legitimate client, versus bad jobs from the adversary. However, while useful, uncertainty arises from classification error, which still allows bad jobs to consume server resources. Thus, classification is not a solution by itself. Here, we propose an EDoS defense, RootDef, that leverages both RB and classification, while accounting for both the costs of resource burning and on-demand provisioning. Specifically, against an adversary that expends B resources to attack, the total cost for defending is Õ( √(B g) + B^2/3 + g), where g is the number of good jobs and Õ refers to hidden logarithmic factors in the total number of jobs n. Notably, for large B relative to g, the adversary has higher cost, implying that the algorithm has an economic advantage. Finally, we prove a lower bound showing that RootDef has total costs that are asymptotically tight up to logarithmic factors in n.


page 1

page 2

page 3

page 4


Bankrupting Sybil Despite Churn

A Sybil attack occurs when an adversary pretends to be multiple identiti...

A Theory of Auto-Scaling for Resource Reservation in Cloud Services

We consider a distributed server system consisting of a large number of ...

Sharp Waiting-Time Bounds for Multiserver Jobs

Multiserver jobs, which are jobs that occupy multiple servers simultaneo...

Dynamic Vector Bin Packing for Online Resource Allocation in the Cloud

Several cloud-based applications, such as cloud gaming, rent servers to ...

Resource-Competitive Sybil Defenses

Proof-of-work(PoW) is an algorithmic tool used to secure networks by imp...

An almost linear time complexity algorithm for the Tool Loading Problem

As shown by Tang, Denardo [9] the job Sequencing and tool Switching Prob...

Please sign up or login with your details

Forgot password? Click here to reset