In this paper, we consider a distributed mechanism to detect and defend against the low-rate TCP attack. The low-rate TCP attack is a recently discovered attack. In essence, it is a periodic short burst that exploits the homogeneity of the minimum retransmission timeout (RTO) of TCP flows and forces all affected TCP flows to back off and enter the retransmission timeout state. When these affected TCP flows time out and retransmit their packets, the low-rate attack again sends a short burst to force them into RTO once more. As a result, the affected TCP flows may receive zero or very low transmission bandwidth. This sort of attack is difficult to identify because it admits a large family of attack patterns. We propose a distributed detection mechanism to identify the low-rate attack. In particular, we use the dynamic time warping approach to robustly and accurately identify the existence of the low-rate attack. Once the attack is detected, we use a fair resource allocation mechanism to schedule all packets so that (1) the number of affected TCP flows is minimized and (2) sufficient resource protection is provided to those affected TCP flows. Experiments are carried out to quantify the robustness and accuracy of the proposed distributed detection mechanism. In particular, one can achieve very low false positive and false negative rates when compared to legitimate Internet traffic. Our experiments also illustrate the efficiency of the defense mechanism across different attack patterns and network topologies.
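The following is an added illustration of why dynamic time warping suits this detection problem; it is not the paper's algorithm or code. The square-wave template, the 100 ms bin size, the threshold and both traces are assumptions constructed for the example. The bin-by-bin distance is included only to show what timing jitter does to a detector that cannot warp the time axis.

```python
import math

def normalize(trace):
    """Min-max scale a rate series to [0, 1]; a flat series maps to all zeros."""
    lo, hi = min(trace), max(trace)
    return [0.0] * len(trace) if hi == lo else [(x - lo) / (hi - lo) for x in trace]

def pulse_template(period, burst, cycles):
    """Idealized periodic square wave: `burst` bins high, rest of each period low."""
    return ([1.0] * burst + [0.0] * (period - burst)) * cycles

def dtw_distance(a, b):
    """Dynamic time warping distance with |x - y| as the local cost."""
    inf = float("inf")
    prev = [0.0] + [inf] * len(b)          # row 0: only the origin is reachable
    for x in a:
        cur = [inf] * (len(b) + 1)
        for j, y in enumerate(b, start=1):
            cur[j] = abs(x - y) + min(prev[j], cur[j - 1], prev[j - 1])
        prev = cur
    return prev[len(b)]

def pointwise_distance(a, b):
    """Bin-by-bin L1 distance, for contrast: it cannot absorb timing jitter."""
    return sum(abs(x - y) for x, y in zip(a, b))

def score(trace, template, dist=dtw_distance):
    """Per-bin distance between the normalized trace and the template."""
    return dist(normalize(trace), template) / len(trace)

THRESHOLD = 0.05  # assumed cut-off for this constructed data, not from the paper
TEMPLATE = pulse_template(period=10, burst=2, cycles=4)

# Constructed samples: packets per 100 ms bin at a router queue (not captured traffic).
# Bursts arrive 9, 12, 10 and 9 bins apart, so the period is jittered.
PULSING = ([95, 90] + [5] * 7 + [92, 95, 97] + [5] * 9 +
           [96, 94] + [5] * 8 + [93, 95] + [5] * 7)
# Smoothly varying aggregate load with no pulses.
SMOOTH = [50 + 10 * math.sin(2 * math.pi * i / 40) for i in range(40)]

def is_pulsing(trace):
    """Flag a trace whose warped distance to the pulse template is below threshold."""
    return score(trace, TEMPLATE) < THRESHOLD

if __name__ == "__main__":
    for name, trace in (("pulsing", PULSING), ("smooth", SMOOTH)):
        print(name, round(score(trace, TEMPLATE), 4),
              round(score(trace, TEMPLATE, pointwise_distance), 4), is_pulsing(trace))
```

With the same threshold, the jittered pulse train is flagged by the warped distance but would be missed by the bin-by-bin distance, while the smooth trace is rejected by both.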