Denial-of-Service Flooding Detection in Anonymity Networks

Jens O. Oberender, Melanie Volkamer and Hermann De Meer
IEEE Workshop on Monitoring, Attack Detection and Mitigation (MonAM) 2007

Denial-of-Service (DoS) flooding attackers benefit from sender anonymity and exit node diversity. Anonymity networks provide this by hiding the communication relationship and therefore hinder attack detection. After the anonymity network purges IP headers, the attributes for clustering of traffic flows remain hidden. Message unlinkability provides network privacy. We design limited message linkability for clustering of traffic flows. Clusters of anonymous traffic are sufficient for flooding attack detection and also enable mitigation. The number of linkable messages is restricted to limit profile size and protect against privacy adversaries. In distributed scenarios, our incentive motivates the use of a single entity. Message tags enable detection of flooding attacks. The set of linkable messages is limited, which cuts the activity profile. Adversaries cannot influence the message linkability of other parties. Senders dynamically govern their message linkability through the message arrival rate. During flooding of a single victim, message linkability improves, enabling DoS detection for anonymity networks.

Publication @UniPassau

