Random early detection gateways for congestion avoidance
IEEE/ACM Transactions on Networking (TON)
Signals & systems (2nd ed.)
Dummynet: a simple approach to the evaluation of network protocols
ACM SIGCOMM Computer Communication Review
Content-Based Image Retrieval at the End of the Early Years
IEEE Transactions on Pattern Analysis and Machine Intelligence
ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
Discrete Wavelet Transform: Architectures, Design and Performance Issues
Journal of VLSI Signal Processing Systems
Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
A framework for classifying denial of service attacks
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Uncooperative congestion control
Proceedings of the joint international conference on Measurement and modeling of computer systems
Exploiting the Transients of Adaptation for RoQ Attacks on Internet Resources
ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
Defending Against Low-Rate TCP Attacks: Dynamic Detection and Protection
ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
On the robustness of router-based denial-of-service (DoS) defense systems
ACM SIGCOMM Computer Communication Review
Filtering of Shrew DDoS Attacks in Frequency Domain
LCN '05 Proceedings of the The IEEE Conference on Local Computer Networks 30th Anniversary
Distributed mechanism in detecting and defending against the low-rate TCP attack
Computer Networks: The International Journal of Computer and Telecommunications Networking
Collaborative detection and filtering of shrew DDoS attacks using spectral analysis
Journal of Parallel and Distributed Computing - Special issue: Security in grid and distributed systems
ICCNMC'05 Proceedings of the Third international conference on Networking and Mobile Computing
A General Framework of Progressive Filtering and Its Application to Query by Singing/Humming
IEEE Transactions on Audio, Speech, and Language Processing
Flow level detection and filtering of low-rate DDoS
Computer Networks: The International Journal of Computer and Telecommunications Networking
Detecting denial of service by modelling web-server behaviour
Computers and Electrical Engineering
| Hi-index | 0.00 |
This paper addresses the important problem of detecting pulsing denial of service (PDoS) attacks which send a sequence of attack pulses to reduce TCP throughput. Unlike previous works which focused on a restricted form of attacks, we consider a very broad class of attacks. In particular, our attack model admits any attack interval between two adjacent pulses, whether deterministic or not. It also includes the traditional flooding-based attacks as a limiting case (i.e., zero attack interval). Our main contribution is Vanguard, a new anomaly-based detection scheme for this class of PDoS attacks. The Vanguard detection is based on three traffic anomalies induced by the attacks, and it detects them using a CUSUM algorithm. We have prototyped Vanguard and evaluated it on a testbed. The experiment results show that Vanguard ismore effective than the previous methods that are based on other traffic anomalies (after a transformation using wavelet transform, Fourier transform, and autocorrelation) and detection algorithms (e.g., dynamic time warping).