Faculty Publications

Permanent URI for this communityhttps://idr.nitk.ac.in/handle/123456789/18736

Publications by NITK Faculty

Browse

Subject: search.filters.subject.Distributed denial of service

Search Results

Now showing 1 - 4 of 4
  • No Thumbnail Available
    Item
    Throttling DDoS attacks
    (2009) Gujjunoori, S.; Ali, T.A.; Babu J, B.J.; Avinash, D.; Mohandas, R.; Pais, A.R.
    Distributed Denial of Service poses a significant threat to the Internet today. In these attacks, an attacker runs a malicious process in compromised systems under his control and generates enormous number of requests, which in turn can easily exhaust the computing resources of a victim web server within a short period of time. Many mechanisms have been proposed till date to combat this attack. In this paper we propose a new solution to reduce the impact of a distributed denial of service attack on a web server by throttling the client's CPU. The concept of source throttling is used to make the client pay a resource stamp fee, which is negligible when the client is making a limited number of requests but becomes a limiting restriction when he is making a large number of requests. The proposed solution makes use of the integer factorization problem to generate the CPU stamps. We have packaged our solution as an API so that existing web applications can easily deploy our solution in a layer that is transparent to the underlying application.
  • No Thumbnail Available
    Item
    Throttling DDoS attacks
    (2009) Gujjunoori, S.; Ali, T.A.; Babu J, B.J.; Avinash, D.; Mohandas, R.; Pais, A.R.
    Distributed Denial of Service poses a significant threat to the Internet today. In these attacks, an attacker runs a malicious process in compromised systems under his control and generates enormous number of requests, which in turn can easily exhaust the computing resources of a victim web server within a short period of time. Many mechanisms have been proposed till date to combat this attack. In this paper we propose a new solution to reduce the impact of a distributed denial of service attack on a web server by throttling the client's CPU. The concept of source throttling is used to make the client pay a resource stamp fee, which is negligible when the client is making a limited number of requests but becomes a limiting restriction when he is making a large number of requests. The proposed solution makes use of the integer factorization problem to generate the CPU stamps. We have packaged our solution as an API so that existing web applications can easily deploy our solution in a layer that is transparent to the underlying application.
  • No Thumbnail Available
    Item
    Throttling DDoS attacks using discrete logarithm problem
    (2010) Darapureddi, A.; Mohandas, R.; Pais, A.R.
    Amongst all the security issues that the internet world is facing, Distributed Denial of Service attack (DDoS) receives special mention. In a typical DDoS attack, an attacker runs a malicious code on compromised systems to generate enormous number of requests to a single web server. The flood of incoming requests makes the victim web server resources to wear out completely within a short period of time; thereby causing denial of service to the legitimate users. In this paper we propose a solution to trim down the impact of DDoS attacks by throttling the client's CPU i.e., to make clients pay a stamp fee which is collected in terms of resource usage such as CPU cycles. Our proposed solution makes use of the discrete logarithm problem to generate the CPU stamps.
  • No Thumbnail Available
    Item
    Next-Generation DDoS Attacks on IoT Deployments: Targeting the Advanced Features of MQTT v5.0 Protocol
    (Institute of Electrical and Electronics Engineers Inc., 2025) Lakshminarayana, S.; Santhi Thilagam, P.
    Message queuing telemetry transport (MQTT) has emerged as the widely adopted application layer protocol for IoT environments because of its lightweight header, minimal power, and bandwidth requirements. Despite its popularity, the earlier version of the protocol, MQTT v3.1.1, encounters performance issues in large-scale implementations and required an update to handle the growing requirements of modern IoT applications. In response to these concerns, MQTT v5.0 was released with several significant features designed to enhance the reliability, user experience, and performance of IoT systems. While the MQTT protocol features were intended to facilitate robust and efficient communications, adversaries could exploit these features to mount various types of attacks in IoT deployments. More specifically, the Denial-of-Service (DoS) attacks toward the MQTT protocol have recently gained a lot of attention from the research community. However, the existing works primarily focus only on exploring the possibilities of misusing the MQTT v3.1.1 protocol features to generate DoS attacks in IoT realms. In this work, we attempt to extensively investigate the advanced protocol features of MQTT v5.0 that can be exploited to launch DDoS attacks impacting the IoT paradigm. We present the first critical evaluation of Distributed DoS (DDoS) attacks on the MQTT v5.0 protocol by analyzing three significant features: 1) CONNECT properties; 2) user properties; and 3) flow control. Moreover, we systematically propose attack scenarios based on the adversary’s capabilities, thus illustrating the practicality of proposed attacks in real-world scenarios. Furthermore, we built a real-world testbed for IoT healthcare application to evaluate the severity of the identified attacks. The experimental results demonstrate the effectiveness of these attacks in impacting the availability of guaranteed IoT services to legitimate users, even in times of need. Additionally, we disclose the insightful findings of this work as takeaways and present research initiatives toward developing effective defense mechanisms for MQTT v5.0 protocol. We hope that such a discussion could pave the way for future research, contributing to MQTT v5.0 security and resiliency. © 2014 IEEE.