To defend against denial-of-service (DoS) attacks, we employ a technique called resource burning (RB). RB is the verifiable expenditure of a resource, such as computational power, required from clients before receiving service from the server. To the best of our knowledge, we present the first DoS defense algorithms where the algorithmic cost -- the cost to both the server and the honest clients -- is bounded as a function of the attacker's cost. We model an omniscient, Byzantine attacker, and a server with access to an estimator that estimates the number of jobs from honest clients in any time interval. We examine two communication models: an idealized zero-latency model and a partially synchronous model. Notably, our algorithms for both models have asymptotically lower costs than the attacker's, as the attacker's costs grow large. Both algorithms use a simple rule to set required RB fees per job. We assume no prior knowledge of the number of jobs, the adversary's costs, or even the estimator's accuracy. However, these quantities parameterize the algorithms' costs. We also prove a lower bound on the cost of any randomized algorithm. This lower bound shows that our algorithms achieve asymptotically tight costs as the number of jobs grows unbounded, whenever the estimator output is accurate to within a constant factor.