A Novel Mechanism to Defend Against Low-Rate Denial-of-Service Attacks
The low-rate TCP-targeted denial-of-service (DoS) attack, known as the shrew attack, is a new kind of DoS attack that exploits TCP's retransmission timeout (RTO) mechanism and can severely reduce the throughput of TCP traffic at the victim. This paper proposes a novel defence mechanism consisting of an effective detection method and a response method. By analysing sampled attack traffic, we find that attack and legitimate traffic differ consistently in the frequency domain, especially at low frequencies, and we use the Sum of Low Frequency Power spectrum (SLFP) for detection. In our algorithm the destination IP address serves as the flow label, and SLFP is computed for every flow traversing the edge router. If a shrew attack is detected, all flows to that destination are processed by Aggregated Flows Balance (AFB) at a suitable upstream router. Simulation shows that attack traffic is restrained and TCP flows obtain enough bandwidth, indicating that the mechanism is both effective and deployable.
Keywords: Round Trip Time, Power Spectrum Density, Traffic Class, Edge Router, Burst Length
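The detection half of the mechanism, as an added example that is not the paper's code: packets are binned into a per-destination count series (destination IP as the flow label), the power spectrum of each series is computed, and the fraction of power in the low-frequency band is compared against a threshold. The sampling interval (10 ms), window (5 s), 5 Hz cutoff and 0.5 threshold are assumptions, as is the DC-removal step; the abstract does not give the paper's values. The two traces are constructed: Poisson arrivals for one destination and a 100 ms burst once per second for the other, which is the RTO-period pulse shape the detector is meant to separate from legitimate traffic. The AFB response step is not implemented here.

```python
import cmath
import math
import random

# Parameters below are assumptions for this example; the paper's sampling rate,
# low-frequency cutoff and decision threshold are not stated in the abstract.
SAMPLE_INTERVAL_US = 10_000   # 10 ms bins
WINDOW_US = 5_000_000         # 5 s analysis window
CUTOFF_HZ = 5.0               # upper edge of the "low frequency" band
THRESHOLD = 0.5               # SLFP fraction above which a destination is flagged


def bin_by_destination(packets):
    """Group (timestamp_us, dst_ip) records into per-destination packet-count series.

    Destination IP is the flow label, matching the paper's edge-router design."""
    n_bins = WINDOW_US // SAMPLE_INTERVAL_US
    series = {}
    for ts_us, dst in packets:
        idx = ts_us // SAMPLE_INTERVAL_US
        if 0 <= idx < n_bins:
            series.setdefault(dst, [0] * n_bins)[idx] += 1
    return series


def power_spectrum(samples):
    """One-sided power spectrum of a real series via a direct DFT (no NumPy needed).

    The mean is removed first so the DC bin does not swamp the low-frequency band
    (an assumption of this example, not necessarily the paper's definition)."""
    n = len(samples)
    mean = sum(samples) / n
    centered = [x - mean for x in samples]
    psd = []
    for k in range(n // 2 + 1):
        acc = 0j
        for t, x in enumerate(centered):
            acc += x * cmath.exp(-2j * math.pi * k * t / n)
        psd.append(abs(acc) ** 2 / n)
    return psd


def slfp_fraction(samples):
    """Sum of low-frequency power divided by total power (normalised SLFP)."""
    psd = power_spectrum(samples)
    n = len(samples)
    total = sum(psd)
    if total == 0.0:
        return 0.0                      # constant series: no spectral content at all
    bin_hz = 1.0 / (n * SAMPLE_INTERVAL_US / 1e6)   # frequency resolution per bin
    low = sum(p for k, p in enumerate(psd) if 0 < k * bin_hz <= CUTOFF_HZ)
    return low / total


def detect(packets):
    """Return ({dst: slfp_fraction}, [destinations whose score exceeds THRESHOLD])."""
    scores = {dst: slfp_fraction(s) for dst, s in bin_by_destination(packets).items()}
    flagged = sorted(dst for dst, score in scores.items() if score > THRESHOLD)
    return scores, flagged


def constructed_trace(seed=7):
    """Constructed packet records, not captured traffic.

    10.0.0.1 receives Poisson arrivals (about one packet per 10 ms bin);
    10.0.0.2 receives a 100 ms burst once per second, the RTO-period pulse shape
    the paper's detector is designed to pick out."""
    rng = random.Random(seed)
    packets = []
    t = 0
    while True:
        t += int(rng.expovariate(1.0 / 10_000))   # mean inter-arrival 10 ms
        if t >= WINDOW_US:
            break
        packets.append((t, "10.0.0.1"))
    for period in range(WINDOW_US // 1_000_000):
        for i in range(200):                        # 200 packets spread across 100 ms
            packets.append((period * 1_000_000 + i * 500, "10.0.0.2"))
    return packets


if __name__ == "__main__":
    scores, flagged = detect(constructed_trace())
    for dst, score in sorted(scores.items()):
        print(f"{dst}: SLFP fraction = {score:.3f}")
    print("flagged:", flagged)
```

For the Poisson flow the spectrum is roughly flat, so the low-band fraction sits near the band's share of the bins (about 0.1 here); the periodic burst concentrates most of its power in the first few harmonics of 1 Hz, which lie inside the 5 Hz band, so its fraction is well above the threshold. The direct DFT is quadratic in the window length and is only adequate for an illustration; a router-side implementation would use an FFT over a sliding window.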