A distributed client-puzzle mechanism to mitigate bandwidth attacks

The use of client puzzles has been recognized as a preventive defense against resource exhaustion attacks. Its original schemes, however, cannot be used against bandwidth attacks. To resolve this, some defense mechanisms have recently been proposed in which the puzzles are created and the answers are evaluated by the routers distributed over the network. Although interesting, these mechanisms are of high complexity and their success relies on high cooperation from core routers, a thing that is not possible in the near future. In this paper, we propose a novel distributed puzzle-based defense mechanism against bandwidth attacks. Unlike the earlier solutions, it only requires cooperation from the routers within a single autonomous system. To attain such a cooperation, we suggest the use of incentive mechanisms with money. We also employ game theory to decide on appropriate payments to cooperating routers as well as to adjust the difficulty level of the puzzles. Simulation results show that our mechanism is effective in mitigating bandwidth attacks.