OPERA: An open-source extensible router architecture for adding new network services and protocols
Journal of Systems and Software
Evaluation of a low-rate DoS attack against iterative servers
Computer Networks: The International Journal of Computer and Telecommunications Networking
Collaborative detection and filtering of shrew DDoS attacks using spectral analysis
Journal of Parallel and Distributed Computing - Special issue: Security in grid and distributed systems
Streaming maximum-minimum filter using no more than three comparisons per element
Nordic Journal of Computing
A router-based technique to mitigate reduction of quality (RoQ) attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Fidelity of network simulation and emulation: A case study of TCP-targeted denial of service attacks
ACM Transactions on Modeling and Computer Simulation (TOMACS)
A TCAM-based solution for integrated traffic anomaly detection and policy filtering
Computer Communications
Detecting pulsing denial-of-service attacks with nondeterministic attack intervals
EURASIP Journal on Advances in Signal Processing - Special issue on signal processing applications in network intrusion detection systems
Mathematical model for low-rate DoS attacks against application servers
IEEE Transactions on Information Forensics and Security
Towards the perfect DDoS attack: the perfect storm
SARNOFF'09 Proceedings of the 32nd international conference on Sarnoff symposium
Pattern detector: fast detection of suspicious stream patterns for immediate reaction
Proceedings of the 13th International Conference on Extending Database Technology
RateGuard: a robust distributed denial of service (DDoS) defense system
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Defense techniques for low-rate DoS attacks against application servers
Computer Networks: The International Journal of Computer and Telecommunications Networking
A new mechanism for improving robustness of TCP against pulsing denial-of-service attacks
ACOS'06 Proceedings of the 5th WSEAS international conference on Applied computer science
Survey of low rate DoS attack detection mechanisms
Proceedings of the International Conference & Workshop on Emerging Trends in Technology
Mathematical foundations for the design of a low-rate dos attack to iterative servers (short paper)
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
A novel mechanism to defend against low-rate denial-of-service attacks
ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
Effect of malicious synchronization
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
Low rate dos attack to monoprocess servers
SPC'06 Proceedings of the Third international conference on Security in Pervasive Computing
Using CPU as a traffic co-processing unit in commodity switches
Proceedings of the first workshop on Hot topics in software defined networks
Flow level detection and filtering of low-rate DDoS
Computer Networks: The International Journal of Computer and Telecommunications Networking
Countermeasures on application level low-rate denial-of-service attack
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
| Hi-index | 0.00 |
We consider a distributed approach to detect and to defend against the low-rate TCP attack. The low-rate TCP attack is essentially a periodic short burst which exploits the homogeneity of the minimum retransmission timeout (RTO) of TCP flows and forces all affected TCP flows to back off and enter the retransmission timeout state. This sort of attack is difficult to identify due to a large family of attack patterns. We propose a distributed detection mechanism which uses the dynamic time warping method to robustly and accurately identify the existence of this sort of attack. Once the attack is detected, a fair resource allocation mechanism is used so that (1) the number of affected TCP flows is minimized, and (2) we provide sufficient resource protection for the affected TCP flows. We report experimental results to quantify the robustness and accuracy of the proposed detection mechanism and the efficiency of the defense method.