Defense against low-rate TCP-targeted denial-of-service attacks

Authors:
Guang Yang;M. Gerla;M. Y. Sanadidi
Affiliations:
Dept. of Comput. Sci., California Univ., Los Angeles, CA, USA;Dept. of Comput. Sci., California Univ., Los Angeles, CA, USA;Dept. of Comput. Sci., California Univ., Los Angeles, CA, USA
Venue:
ISCC '04 Proceedings of the Ninth International Symposium on Computers and Communications 2004 Volume 2 (ISCC"04) - Volume 02
Year:
2004

Citing 0
Cited 10

Distributed mechanism in detecting and defending against the low-rate TCP attack

Computer Networks: The International Journal of Computer and Telecommunications Networking
Evaluation of a low-rate DoS attack against iterative servers

Computer Networks: The International Journal of Computer and Telecommunications Networking
A router-based technique to mitigate reduction of quality (RoQ) attacks

Computer Networks: The International Journal of Computer and Telecommunications Networking
A TCAM-based solution for integrated traffic anomaly detection and policy filtering

Computer Communications
Mathematical model for low-rate DoS attacks against application servers

IEEE Transactions on Information Forensics and Security
Defense techniques for low-rate DoS attacks against application servers

Computer Networks: The International Journal of Computer and Telecommunications Networking
A new mechanism for improving robustness of TCP against pulsing denial-of-service attacks

ACOS'06 Proceedings of the 5th WSEAS international conference on Applied computer science
Survey of low rate DoS attack detection mechanisms

Proceedings of the International Conference & Workshop on Emerging Trends in Technology
A novel mechanism to defend against low-rate denial-of-service attacks

ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
Low rate dos attack to monoprocess servers

SPC'06 Proceedings of the Third international conference on Security in Pervasive Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Low-rate TCP-targeted denial-of-service (DoS) attacks aim at the fact that most operating systems in use today have a common base TCP retransmission timeout (RTO) of 1 sec. An attacker injects periodic bursts of packets to fill the bottleneck queue and forces TCP connections to timeout with near-zero throughput. This work proposes randomization on TCP RTO as defense against such attacks. With RTO randomization, an attacker cannot predict the next TCP timeout and consequently cannot inject the burst at the exact instant. An analytic performance model on the throughput of randomized TCP is developed and validated. Simulation results show that randomization can effectively mitigate the impact of such DoS attacks while maintaining fairness and friendliness to other connections.