Denial-of-Service Flooding Detection in Anonymity Networks

Denial-of-Service (DoS) flooding attackers benefit from sender anonymity and exit node diversity. Anonymity networks provide this by hiding the communication relationship and therefore hinder attack detection. After the anonymity network purges IP headers, the attributes for clustering traffic flows remain hidden. Message unlinkability provides network privacy.
We design limited message linkability for clustering traffic flows. Clusters of anonymous traffic are sufficient for flooding attack detection and also enable mitigation. The number of linkable messages is restricted to limit profile size and to protect against privacy adversaries. In distributed scenarios, our incentive motivates the use of a single entity.
Message tags enable detection of flooding attacks. The set of linkable messages is limited, which bounds the activity profile. Adversaries cannot influence the message linkability of other parties. Senders dynamically govern their message linkability through the message arrival rate. During flooding to a single victim, message linkability improves, enabling DoS detection for anonymity networks.
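As an added illustration (not the paper's construction), the following Python model shows how epoch-based message tags bound linkability for low-rate senders while a flooder's high arrival rate makes its messages cluster on one victim. The tag derivation, window length, threshold and the constructed traffic are all assumptions made for this example.

```python
import hashlib
from collections import Counter

WINDOW = 10.0      # seconds per tag epoch (assumed parameter)
THRESHOLD = 20     # messages from one tag to one victim per epoch (assumed)

def message_tag(sender_secret: bytes, send_time: float) -> str:
    """Temporary pseudonym for one epoch (assumed construction).
    Only the sender's own secret and the current epoch determine the tag,
    so other parties cannot influence it, and a sender's messages are
    linkable only within a single epoch, which bounds the profile size."""
    epoch = int(send_time // WINDOW)
    digest = hashlib.sha256(sender_secret + epoch.to_bytes(8, "big"))
    return digest.hexdigest()[:16]

def detect_flooding(messages, threshold=THRESHOLD):
    """messages: iterable of (tag, destination, send_time).
    Clusters anonymous traffic by (tag, destination, epoch) and returns the
    clusters larger than the threshold, i.e. one pseudonym flooding one victim.
    Low-rate senders never accumulate enough linkable messages to be flagged."""
    counts = Counter()
    for tag, dest, t in messages:
        counts[(tag, dest, int(t // WINDOW))] += 1
    return {key: n for key, n in counts.items() if n > threshold}

def simulate():
    """Constructed traffic: one legitimate sender at 1 msg/s spread over
    three destinations, and one flooder at 50 msg/s toward a single victim."""
    msgs = []
    legit, flooder = b"legit-secret", b"flooder-secret"
    for i in range(30):               # 30 s of legitimate traffic, 1 msg/s
        t = float(i)
        msgs.append((message_tag(legit, t), f"site{i % 3}", t))
    for i in range(500):              # 10 s of flooding at 50 msg/s
        t = 5.0 + i / 50              # exact in binary floating point
        msgs.append((message_tag(flooder, t), "victim", t))
    return detect_flooding(msgs)

if __name__ == "__main__":
    for (tag, dest, epoch), n in simulate().items():
        print(f"epoch {epoch}: tag {tag} sent {n} messages to {dest}")
```

The flooder's traffic spans two epochs, so the detector reports two clusters of 250 messages each, while the legitimate sender's tags never exceed a handful of messages per destination.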

Publication

Jens O. Oberender, Melanie Volkamer and Hermann de Meer
IEEE Workshop on Monitoring, Attack Detection and Mitigation

Mitigate anonymous flooding using temporary pseudonyms.

BibTeX

@INPROCEEDINGS{Oberender2007,
author = {Jens O. Oberender and Melanie Volkamer and Hermann de Meer},
title = {Denial-of-Service Flooding Detection in Anonymity Networks},
booktitle = {IEEE Workshop on Monitoring, Attack Detection and Mitigation (MonAM)},
year = {2007},
}