Mathematical Foundations for the Design of a Low-Rate DoS Attack to Iterative Servers (Short Paper)

  • Gabriel Maciá-Fernández
  • Jesús E. Díaz-Verdejo
  • Pedro García-Teodoro
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4307)


A low-rate DoS attack to iterative servers has recently appeared as a new approach for defeating services using rates of traffic that could be adjusted to bypass security detection mechanisms. Although the fundamentals and effectiveness of these kind of attacks are known, it is not clear how to design the attack to achieve specific constraints based on the used rate and the efficiency in denial of service obtained. In this paper, a comprehensive mathematical framework that models the behaviour of the attack is presented. The main contribution of this model is to give a better understanding of the dynamics of these kind of attacks, in order to facilitate the development of detection and defense mechanisms.


Idle Time Calculation Point Intrusion Detection System Round Trip Time Mathematical Foundation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    CERT coordination Center. Denial of Service Attacks, available from:
  2. 2.
    Williams, M.: Ebay, Amazon, hit by attacks, 02/09/00. IDG News Service (02/09/2000),
  3. 3.
    Global Incident Analysis Center - Special Notice - Egress filtering, available from:
  4. 4.
    Ferguson, P., Senie, D.: Network ingress filtering: defeating Denial of Service attacks which employ IP source address spoofing. RFC 2827 (2001)Google Scholar
  5. 5.
    Geng, X., Whinston, A.B.: Defeating Distributed Denial of Service attacks. IEEE IT Professional 2(4), 36–42 (2000)CrossRefGoogle Scholar
  6. 6.
    Weiler, N.: Honeypots for Distributed Denial of Service. In: Proceedings of the Eleventh IEEE International Workshops Enabling Technologies: Infrastructure for Collaborative Enterprises 2002, Pitsburgh, PA, USA, June 2002, pp. 109–114 (2002)Google Scholar
  7. 7.
    Axelsson, S.: Intrusion detection systems: a survey and taxonomy. Department of Computer Engineering, Chalmers University, Goteborg, Sweden. Technical Report 99-15 (March 2000)Google Scholar
  8. 8.
    Maciá-Fernández, G., Díaz-Verdejo, J.E., García-Teodoro, P.: Low Rate DoS Attack to Monoprocess Servers. In: Clark, J.A., Paige, R.F., Polack, F.A.C., Brooke, P.J. (eds.) SPC 2006. LNCS, vol. 3934, pp. 43–57. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Kuzmanovic, A., Knightly, E.: Low Rate TCP-targeted Denial of Service Attacks (The Shrew vs. the Mice and Elephants). In: Proc. ACM SIGCOMM 2003, August 2003, pp. 75–86 (2003)Google Scholar
  10. 10.
    Sun, H., Lui, J.C.S., Yau, D.K.Y.: Defending Against Low-Rate TCP Attacks: Dynamic Detection and Protection. In: Proc. IEEE Conference on Network Protocols (ICNP 2004), October 2004, pp. 196–205 (2004)Google Scholar
  11. 11.
    Shevtekar, A., Anantharam, K., Ansari, N.: Low Rate TCP Denial-of-Service Attack Detection at Edge Routers. IEEE Communications Letters 9(4), 363–365 (2005)CrossRefGoogle Scholar
  12. 12.
    Network Simulator 2, available at:

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Gabriel Maciá-Fernández
    • 1
  • Jesús E. Díaz-Verdejo
    • 1
  • Pedro García-Teodoro
    • 1
  1. 1.Dpt. of Signal Theory, Telematics and CommunicationsUniversity of GranadaGranadaSpain

Personalised recommendations