Proof-of-Work Based Mitigation of Real Time Video DDoS Attacks

Abstract

As the Internet continues to grow in size and complexity, Distributed Denial of Service (DDoS) attacks grow in size and complexity alongside it. One particularly common form of DDoS attack is the TCP SYN flood, which exploits the TCP handshake process to exhaust server resources. This thesis investigates the use of a novel proof-of-work (PoW) based mitigation method to respond to such attacks, specifically in the context of WebRTC video conferencing applications. PoW aims to shift the computational burden from the server to the client, by utilizing a hard to solve puzzle that is easily verifiable. Guided by the same evaluation framework used by the original contributors, we conducted controlled experiments using SPHERE, a national research testbed, and the open-source Jitsi Meet video conference application to simulate DDoS attacks and measure their impact on video quality metrics such as upload/download bitrate and video framerate. Our experiments involved multiple scenarios with and without active attacks and PoW mitigation activate. Results demonstrate that PoW imposes minimal overhead on legitimate clients while maintaining high efficacy when faced with the threat of a SYN Flood attack, regardless of whether the attackers do the proof-of-work before sending traffic. These findings highlight PoW as a promising low overhead mitigation method for WebRTC conference systems under the threat of DDoS attacks.