Service discovery with denial-of-service attack resistance using risk evaluation

The purpose of this research is to realize a service discovery protocol that offers denial-of-service (DoS) attack resistance such that even devices with poor CPU resources can be protected from, attacks by more powerful clients. We propose a brand-new method that extends the existing Puzzle Auction, a general-purpose anti-DoS method, by combining it with our original risk-based priority control function. Risk is used as the criteria to evaluate the possibility that a received message is a part of a DoS attack. The server evaluates the risk from the difficulty of the puzzle attached to the client´s message and the solution waiting time, which is the time the server has to wait until it receives a solution to the puzzle. CPU resource protection on the server and improved response to the client are achieved at the same time by the proposed priority control method. Experiments that examine six scenarios covering a wide range of situations show that the proposed method offers good performance for a wide range of scope S, which is the parameter used to define the granularity of the risk evaluation. The proposed method shows an improvement in response ratio, from, 18.2% to 51.2%, in the scenario that can not be well handled by the existing puzzle method. Also for the other scenarios, the proposed method approximately matches the performance of the existing puzzle method.