A novel mechanism to defend against low-rate denial-of-service attacks

Authors:
Wei Wei;Yabo Dong;Dongming Lu;Guang Jin;Honglan Lao
Affiliations:
College of Computer Science and Technology, Zhejiang University, Hangzhou, P.R. China;College of Computer Science and Technology, Zhejiang University, Hangzhou, P.R. China;College of Computer Science and Technology, Zhejiang University, Hangzhou, P.R. China;College of Computer Science and Technology, Zhejiang University, Hangzhou, P.R. China;Department of Electrical Engineering, University of Southern California, Los Angeles, CA
Venue:
ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
Year:
2006

Citing 7
Cited 2

Congestion avoidance and control

SIGCOMM '88 Symposium proceedings on Communications architectures and protocols
On estimating end-to-end network path properties

Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants

Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Defending Against Low-Rate TCP Attacks: Dynamic Detection and Protection

ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
Distinguishing between single and multi-source attacks using signal processing

Computer Networks: The International Journal of Computer and Telecommunications Networking
Filtering of Shrew DDoS Attacks in Frequency Domain

LCN '05 Proceedings of the The IEEE Conference on Local Computer Networks 30th Anniversary
Defense against low-rate TCP-targeted denial-of-service attacks

ISCC '04 Proceedings of the Ninth International Symposium on Computers and Communications 2004 Volume 2 (ISCC"04) - Volume 02

Defense techniques for low-rate DoS attacks against application servers

Computer Networks: The International Journal of Computer and Telecommunications Networking
Flow level detection and filtering of low-rate DDoS

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.01

Visualization

Abstract

Low-rate TCP-targeted Denial-of-Service (DoS) attack (shrew) is a new kind of DoS attack which is based on TCP’s Retransmission Timeout (RTO) mechanism and can severely reduce the throughput of TCP traffic on victim. The paper proposes a novel mechanism which consists of effective detection and response methods. Through analyzing sampled attack traffic, we find that there is a stable difference between attack and legitimate traffic in frequency field, especially in low frequency. We use Sum of Low Frequency Power spectrum (SLFP) for detection. In our algorithm the destination IP address is used as flow label and SLFP is applied to every flow traversing edge router. If shrew is found, all flows to the destination are processed by Aggregated Flows Balance (AFB) at a proper upstream router. Simulation shows that attack traffics are restrained and TCP traffics can obtain enough bandwidth. The result indicates that our mechanism is effective and deployable.