ABSTRACT:
Denial-of-service
(DoS) and distributed DoS (DDoS) are among the major threats to cyber-security,
and client puzzle, which demands a client to perform computationally expensive
operations before being granted services from a server, is a well-known
countermeasure to them. However, an attacker can inflate its capability of
DoS/DDoS attacks with fast puzzle solving software and/or built-in graphics
processing unit (GPU) hardware to significantly weaken the effectiveness of
client puzzles. In this paper, we study how to prevent DoS/DDoS attackers from
inflating their puzzle-solving capabilities. To this end, we introduce a new
client puzzle referred to as software puzzle. Unlike the existing client puzzle
schemes, which publish their puzzle algorithms in advance, a puzzle algorithm
in the present software puzzle scheme is randomly generated only after a client
request is received at the server side and the algorithm is generated such
that: 1) an attacker is unable to prepare an implementation to solve the puzzle
in advance and 2) the attacker needs considerable effort in translating a
central processing unit puzzle software to its functionally equivalent GPU
version such that the translation cannot be done in real time. Moreover, we
show how to implement software puzzle in the generic server-browser model.
AIM
The aim of the paper is how to prevent
DoS/DDoS attackers from inflating their puzzle-solving capabilities.
SCOPE
The
scope of this paper is how to implement software puzzle in the generic
server-browser model.
EXISTING
SYSTEM
The
existing client puzzle schemes assume that the malicious client solves the
puzzle using legacy CPU resource only. However, this assumption is not always
true. Presently, the many-core GPU (Graphic Processing Unit) component is
almost a standard configuration in modern desktop computers (e.g., ATI Fireproof
V3750 in Dell T3500), laptop computers (e.g., nVidia Quadro FX 880M in Lenovo
Think pad W510), and even smart phones (e.g., Power VR SGX540 in Samsung I9008
GalaxyTM S). Therefore, an attacker can easily utilize the “free” GPUs or
integrated CPU-GPU to inflate his computational capacity [5]. This renders the
existing client puzzle schemes ineffective due to the significantly decreased
computational cost ratio γ . For example, an attacker may amortize one
puzzle-solving task to hundreds of GPU cores if the client puzzle function is
parallelizable (e.g., the hash reversal puzzle), or the attacker may
simultaneously send to the server many requests and ask every GPU core to solve
one received puzzle challenge independently if the puzzle function is
non-parallelizable (e.g. modular square root puzzle and Time-lock puzzle
DISADVANTAGES:
- An attacker is unable to prepare an implementation to solve the puzzle in advance.
- The attacker needs considerable effort in translating a central processing unit puzzle software to its functionally equivalent GPU version such that the translation cannot be done in real time.
PROPOSED SYSTEM
This
paper presents a new type of client
puzzle, called software puzzle, to defend against GPU-inflated DoS and DDoS
attacks. Unlike the existing client puzzle schemes which publish a puzzle
function in advance, the software puzzle scheme dynamically generates the
puzzle function P(·) in the form of a software core C upon receiving a client’s
request. Specifically, by extending DCG technology which produces machine
instructions at runtime [10], the proposed scheme randomly chooses a set of
basic functions, assembles them together into the puzzle core C, constructs a
software puzzle C0x with the puzzle core C and a random challenge x. If the
server aims to defeat high-level attackers who are able to reverse-engineer
software, it will obfuscate C0x into an enhanced software puzzle. After
receiving the software puzzle sent from the server, a client tries to solve the
software puzzle on the host CPU, and replies to the server, as the conventional
client puzzle scheme does. However, a malicious client may attempt to offload
the puzzle-solving task into its GPU.
ADVANTAGES
- An open problem is how to construct the client-side software puzzle so as to save the server time for better defense performance
- To evaluate the effect of code de-obfuscation, this is related to the technology advance of code obfuscation.
SYSTEM ARCHITECTURE
SYSTEM CONFIGURATION
HARDWARE REQUIREMENTS:-
· Processor - Pentium –III
· Speed - 1.1 Ghz
· RAM - 256 MB(min)
· Hard Disk - 20 GB
· Floppy Drive - 1.44 MB
· Key Board - Standard
Windows Keyboard
· Mouse - Two or Three Button Mouse
· Monitor - SVGA
SOFTWARE REQUIREMENTS:-
·
Operating
System : Windows 7
·
Front
End :
JSP AND SERVLET
·
Database :
MYSQL
REFERENCE:
Yongdong
Wu, g
Zhao ; Feng Bao ; Deng, “SOFTWARE PUZZLE: A COUNTERMEASURE TO RESOURCE-INFLATED
DENIAL-OF-SERVICE ATTACKS”, IEEE Transactions on Information Forensics and
Security, VOL 10, ISS 1,OCTOBER 2015.
No comments:
Post a Comment