SOFTWARE PUZZLE: A COUNTERMEASURE TO RESOURCE-INFLATED DENIAL-OF-SERVICE ATTACKS

ABSTRACT:

Denial-of-service (DoS) and distributed DoS (DDoS) are among the major threats to cyber-security, and client puzzle, which demands a client to perform computationally expensive operations before being granted services from a server, is a well-known countermeasure to them. However, an attacker can inflate its capability of DoS/DDoS attacks with fast puzzle solving software and/or built-in graphics processing unit (GPU) hardware to significantly weaken the effectiveness of client puzzles. In this paper, we study how to prevent DoS/DDoS attackers from inflating their puzzle-solving capabilities. To this end, we introduce a new client puzzle referred to as software puzzle. Unlike the existing client puzzle schemes, which publish their puzzle algorithms in advance, a puzzle algorithm in the present software puzzle scheme is randomly generated only after a client request is received at the server side and the algorithm is generated such that: 1) an attacker is unable to prepare an implementation to solve the puzzle in advance and 2) the attacker needs considerable effort in translating a central processing unit puzzle software to its functionally equivalent GPU version such that the translation cannot be done in real time. Moreover, we show how to implement software puzzle in the generic server-browser model.

AIM

 The aim of the paper is how to prevent DoS/DDoS attackers from inflating their puzzle-solving capabilities.

SCOPE

The scope of this paper is how to implement software puzzle in the generic server-browser model.

EXISTING SYSTEM

The existing client puzzle schemes assume that the malicious client solves the puzzle using legacy CPU resource only. However, this assumption is not always true. Presently, the many-core GPU (Graphic Processing Unit) component is almost a standard configuration in modern desktop computers (e.g., ATI Fireproof V3750 in Dell T3500), laptop computers (e.g., nVidia Quadro FX 880M in Lenovo Think pad W510), and even smart phones (e.g., Power VR SGX540 in Samsung I9008 GalaxyTM S). Therefore, an attacker can easily utilize the “free” GPUs or integrated CPU-GPU to inflate his computational capacity [5]. This renders the existing client puzzle schemes ineffective due to the significantly decreased computational cost ratio γ . For example, an attacker may amortize one puzzle-solving task to hundreds of GPU cores if the client puzzle function is parallelizable (e.g., the hash reversal puzzle), or the attacker may simultaneously send to the server many requests and ask every GPU core to solve one received puzzle challenge independently if the puzzle function is non-parallelizable (e.g. modular square root puzzle and Time-lock puzzle 

 DISADVANTAGES:

1.  An attacker is unable to prepare an implementation to solve the puzzle in advance.
2. The attacker needs considerable effort in translating a central processing unit puzzle software to its functionally equivalent GPU version such that the translation cannot be done in real time.

PROPOSED SYSTEM

This  paper presents a new type of client puzzle, called software puzzle, to defend against GPU-inflated DoS and DDoS attacks. Unlike the existing client puzzle schemes which publish a puzzle function in advance, the software puzzle scheme dynamically generates the puzzle function P(·) in the form of a software core C upon receiving a client’s request. Specifically, by extending DCG technology which produces machine instructions at runtime [10], the proposed scheme randomly chooses a set of basic functions, assembles them together into the puzzle core C, constructs a software puzzle C0x with the puzzle core C and a random challenge x. If the server aims to defeat high-level attackers who are able to reverse-engineer software, it will obfuscate C0x into an enhanced software puzzle. After receiving the software puzzle sent from the server, a client tries to solve the software puzzle on the host CPU, and replies to the server, as the conventional client puzzle scheme does. However, a malicious client may attempt to offload the puzzle-solving task into its GPU.

ADVANTAGES

1.  An open problem is how to construct the client-side software puzzle so as to save the server time for better defense performance
2. To evaluate the effect of code de-obfuscation, this is related to the technology advance of code obfuscation.

SYSTEM ARCHITECTURE

SYSTEM CONFIGURATION

HARDWARE REQUIREMENTS:-

·                Processor          -   Pentium –III

·                Speed                -    1.1 Ghz

·                RAM                 -    256 MB(min)

·                Hard Disk         -   20 GB

·                Floppy Drive    -    1.44 MB

·                Key Board                 -    Standard Windows Keyboard

·                Mouse               -    Two or Three Button Mouse

·                Monitor             -    SVGA

SOFTWARE REQUIREMENTS:-

·                Operating System      : Windows  7                                     

·                Front End                  : JSP AND SERVLET

·                Database                  : MYSQL

·                Tool                           :NETBEANS

REFERENCE:

Yongdong Wu, g Zhao ; Feng Bao ; Deng, “SOFTWARE PUZZLE: A COUNTERMEASURE TO RESOURCE-INFLATED DENIAL-OF-SERVICE ATTACKS”, IEEE Transactions on Information Forensics and Security, VOL 10, ISS 1,OCTOBER 2015.