The recently proposed TCP-targeted Low-rate Distributed Denial-of-Service (LDDoS) attacks send fewer packets to attack legitimate flows by exploiting the vulnerability in TCP's congestion control mechanism. They are difficult to detect while causing severe damage to TCP-based applications. Existing approaches can only detect the presence of an LDDoS attack, but fail to identify LDDoS flows. In this paper, we propose a novel metric, Congestion Participation Rate (CPR), and a CPR-based approach to detect and filter LDDoS attacks by their intention to congest the network. The major innovation of the CPR-based approach is its ability to identify LDDoS flows. A flow with a CPR higher than a predefined threshold is classified as an LDDoS flow, and consequently all of its packets will be dropped. We analyze the effectiveness of CPR theoretically by quantifying the average CPR difference between normal TCP flows and LDDoS flows and showing that CPR can differentiate them. We conduct ns-2 simulations, test-bed experiments, and Internet traffic trace analysis to validate our analytical results and evaluate the performance of the proposed approach. Experimental results demonstrate that the proposed CPR-based approach is substantially more effective than an existing Discrete Fourier Transform (DFT)-based approach, one of the most efficient approaches in detecting LDDoS attacks. We also provide experimental guidance to choose the CPR threshold in practice.