Random early detection gateways for congestion avoidance
IEEE/ACM Transactions on Networking (TON)
Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites
Proceedings of the 11th international conference on World Wide Web
End-to-end available bandwidth: measurement methodology, dynamics, and relation with TCP throughput
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Cyber defense technology networking and evaluation
Communications of the ACM - Homeland security
A router-based technique to mitigate reduction of quality (RoQ) attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Detecting pulsing denial-of-service attacks with nondeterministic attack intervals
EURASIP Journal on Advances in Signal Processing - Special issue on signal processing applications in network intrusion detection systems
A new mechanism for improving robustness of TCP against pulsing denial-of-service attacks
ACOS'06 Proceedings of the 5th WSEAS international conference on Applied computer science
Survey of low rate DoS attack detection mechanisms
Proceedings of the International Conference & Workshop on Emerging Trends in Technology
Chaos-based detection of LDoS attacks
Journal of Systems and Software
Hi-index | 0.00 |
High availability in network services is crucial for effective large-scale distributed computing. While distributed denial-of-service (DDoS) attacks through massive packet flooding have baffled researchers for years, a new type of even more detrimental attack—shrew attacks (periodic intensive packet bursts with low average rate)—has recently been identified. Shrew attacks can significantly degrade well-behaved TCP sessions, repel potential new connections, and are very difficult to detect, not to mention defend against, due to its low average rate. We propose a new stateful adaptive queue management technique called HAWK (Halting Anomaly with Weighted choKing) which works by judiciously identifying malicious shrew packet flows using a small flow table and dropping such packets decisively to halt the attack such that well-behaved TCP sessions can re-gain their bandwidth shares. Our NS-2 based extensive performance results indicate that HAWK is highly agile.