Using signal processing to analyze wireless data traffic
WiSE '02 Proceedings of the 1st ACM workshop on Wireless security
A signal analysis of network traffic anomalies
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
A framework for classifying denial of service attacks
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Controlling High-Bandwidth Flows at the Congested Router
ICNP '01 Proceedings of the Ninth International Conference on Network Protocols
Cyber defense technology networking and evaluation
Communications of the ACM - Homeland security
Defending Against Low-Rate TCP Attacks: Dynamic Detection and Protection
ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
A Framework for Rule Processing in Reconfigurable Network Systems
FCCM '05 Proceedings of the 13th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Performance Analysis of TCP/AQM Under Denial-of-Service Attacks
MASCOTS '05 Proceedings of the 13th IEEE International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems
Filtering of Shrew DDoS Attacks in Frequency Domain
LCN '05 Proceedings of the The IEEE Conference on Local Computer Networks 30th Anniversary
Collaborative Change Detection of DDoS Attacks on Community and ISP Networks
CTS '06 Proceedings of the International Symposium on Collaborative Technologies and Systems
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Collaborative Detection of DDoS Attacks over Multiple Network Domains
IEEE Transactions on Parallel and Distributed Systems
Distributed change-point detection of DDoS attacks: experimental results on DETER testbed
DETER Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007
A router-based technique to mitigate reduction of quality (RoQ) attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Detecting distributed network traffic anomaly with network-wide correlation analysis
EURASIP Journal on Advances in Signal Processing - Special issue on signal processing applications in network intrusion detection systems
International Journal of Information and Computer Security
Detecting pulsing denial-of-service attacks with nondeterministic attack intervals
EURASIP Journal on Advances in Signal Processing - Special issue on signal processing applications in network intrusion detection systems
Mathematical model for low-rate DoS attacks against application servers
IEEE Transactions on Information Forensics and Security
WONS'09 Proceedings of the Sixth international conference on Wireless On-Demand Network Systems and Services
DDoS flooding attack detection scheme based on F-divergence
Computer Communications
Flow level detection and filtering of low-rate DDoS
Computer Networks: The International Journal of Computer and Telecommunications Networking
Chaos-based detection of LDoS attacks
Journal of Systems and Software
Countermeasures on application level low-rate denial-of-service attack
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
| Hi-index | 0.00 |
This paper presents a new spectral template-matching approach to countering shrew distributed denial-of-service (DDoS) attacks. These attacks are stealthy, periodic, pulsing, and low-rate in attack volume, very different from the flooding type of attacks. They are launched with high narrow spikes in very low frequency, periodically. Thus, shrew attacks may endanger the victim systems for a long time without being detected. In other words, such attacks may reduce the quality of services unnoticeably. Our defense method calls for collaborative detection and filtering (CDF) of shrew DDoS attacks. We detect shrew attack flows hidden in legitimate TCP/UDP streams by spectral analysis against pre-stored template of average attack spectral characteristics. This novel scheme is suitable for either software or hardware implementation. The CDF scheme is implemented with the NS-2 network simulator using real-life Internet background traffic mixed with attack datasets used by established research groups. Our simulated results show high detection accuracy by merging alerts from cooperative routers. Both theoretical modeling and simulation experimental results are reported here. The experiments achieved up to 95% successful detection of network anomalies along with a low 10% false positive alarms. The scheme cuts off malicious flows containing shrew attacks using a newly developed packet-filtering scheme. Our filtering scheme retained 99% of legitimate TCP flows, compared with only 20% TCP flows retained by using the Drop Tail algorithm. The paper also considers DSE FPGA, and network processor implementation issues and discusses limitations and further research challenges.