1. Field of the Invention
The present invention relates to preventing denial of service attacks in peer-to-peer systems caused by clients flooding a server with requests.
2. Description of the Related Art
Peer-to-peer systems may encompass a heterogeneous collection of computing resources owned by numerous individuals and institutions. In particular, two devices operate as peers across a network by exchanging requests and responses. A typical example is a client-server model where a client computer sends a request via the network to the server for some work (i.e., use of server resources), for example an HTTP request for a web page. These networks are often subject to Denial of Service attacks, where one device (e.g., a client) attacks a peer device (e.g., a server) by “flooding” the server with irrelevant requests or by inserting malicious data into the requests.
There are three major points of failure in peer-to-peer systems: the network, the peer node, and the end user.
Network burden (often called “bandwidth depletion”) is caused by flooding a peer node with more packets than the infrastructure (i.e., the network) can handle. Valid service requests are dropped by the packet routers before they reach the node providing service. One example involves propagation of a computer virus throughout a network such as the Internet, where the virus includes malicious code that causes the infected computers to send frivolous requests at a certain date and time in the future, after the virus has had sufficient time to proliferate throughout the network. To date there is no known solution for preventing network burden attacks.
Server burden may occur when clients request computationally-expensive services from a service provider. These requests deplete server resources (such as compute-time, memory, and disk space) until the server is incapable of providing service to other clients. Common forms of attack on servers include SYN-flood, buffer overrun, log rollover, and continuous re-authentication.
User burden occurs when the peer network supplies too much information for a request, requiring an excessive time investment to extract the useful information. For example, uncooperative clients may insert invalid data (i.e., null or junk data), requiring end users to wade through the responses to locate the useful material.
Typical approaches to SYN-flood attacks and Junk Data attacks have included adding client identification and authorization by a service authority for network access and/or server access. The service authority may then monitor resource usage between the peer devices. Such arrangements, however, require a central database of identities or a trusted entity which is queried for authenticity. Consequently, such arrangements require prior registration or authorization, and as such are not entirely feasible for ad-hoc distributed systems that are unable to rely on (or that avoid use of) a centralized authority.
Hence, a fully ad-hoc distributed system cannot rely on any central service or trusted entity for controlling against SYN-flood and Junk Data attacks.