Jens O. Oberender, Melanie Volkamer and Hermann De Meer
IEEE Workshop on Monitoring, Attack Detection and Mitigation (MonAM) 2007
Denial-of-Service (DoS) flooding attackers benefit from sender anonymity and exit node diversity. Anonymity networks provide this by hiding the communication relationship and therefore hinder attack detection. After the anonymity network purges IP headers, the attributes for clustering of traffic flows remain hidden. Message unlinkability provides network privacy. We design limited message linkability for clustering of traffic flows. Clusters of anonymous traffic are sufficient for flooding attack detection and also enable mitigation. The number of linkable messages is restricted to limit profile size and protect against privacy adversaries. In distributed scenarios, our incentive motivates use of a single entity. Message tags enable detection of flooding attacks. The set of linkable messages is limited, which cuts the activity profile. Adversaries cannot influence the message linkability of other parties. Senders dynamically govern their message linkability through the message arrival rate. During flooding of a single victim, message linkability improves, enabling DoS detection for anonymity networks.