
A Novel Mechanism to Defend Against Low-Rate Denial-of-Service Attacks

  • Conference paper
Intelligence and Security Informatics (ISI 2006)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 3975)

Abstract

The low-rate TCP-targeted Denial-of-Service (DoS) attack ("shrew") is a new kind of DoS attack that exploits TCP's Retransmission Timeout (RTO) mechanism and can severely reduce the throughput of TCP traffic at the victim. This paper proposes a novel mechanism consisting of effective detection and response methods. By analyzing sampled attack traffic, we find a stable difference between attack and legitimate traffic in the frequency domain, especially at low frequencies. We use the Sum of Low Frequency Power spectrum (SLFP) for detection. In our algorithm the destination IP address is used as the flow label, and SLFP is computed for every flow traversing an edge router. If a shrew attack is found, all flows to that destination are processed by Aggregated Flows Balance (AFB) at a suitable upstream router. Simulation shows that attack traffic is restrained and TCP traffic obtains enough bandwidth. The results indicate that our mechanism is effective and deployable.
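The abstract describes SLFP-based detection at an edge router but not how the spectrum is computed or thresholded. The following is an added illustration of that detection step, written for this page; it is not the authors' code. Everything numeric is an assumption: 10 ms sampling bins over a 4 s window, a 5 Hz upper edge for the "low frequency" band, SLFP normalised as the fraction of non-DC power below that edge, a 0.3 decision threshold, and two constructed per-destination flows (one with once-per-second bursts in the shrew pattern, one modelled as steady traffic with white-noise jitter). The AFB response stage is not shown because the page gives no detail of it.

```python
import math
import random

# All parameters below are assumptions for this illustration, not values from the paper.
BIN_SECONDS = 0.01        # 10 ms packet-count bins
WINDOW_BINS = 400         # 4 s observation window per flow
LOW_FREQ_CUTOFF_HZ = 5.0  # upper edge of the "low frequency" band
SLFP_THRESHOLD = 0.3      # flag a destination when its SLFP reaches this value


def power_spectrum(series):
    """One-sided power spectrum |X_k|^2 for k = 1..N/2 via a direct DFT (pure Python).
    The DC term (k = 0) is dropped: it only encodes the mean rate, not the pulsing pattern,
    so the series is mean-centred first."""
    n = len(series)
    mean = sum(series) / n
    centered = [x - mean for x in series]
    powers = []
    for k in range(1, n // 2 + 1):
        re = im = 0.0
        for t, x in enumerate(centered):
            angle = 2 * math.pi * k * t / n
            re += x * math.cos(angle)
            im -= x * math.sin(angle)
        powers.append(re * re + im * im)
    return powers


def slfp(series, bin_seconds=BIN_SECONDS, cutoff_hz=LOW_FREQ_CUTOFF_HZ):
    """Normalised Sum of Low Frequency Power: the fraction of total non-DC spectral power
    at or below cutoff_hz. Normalising by total power makes the score independent of the
    flow's absolute packet rate, so a busy legitimate flow is not penalised for being busy."""
    powers = power_spectrum(series)
    total = sum(powers)
    if total == 0.0:
        return 0.0  # constant series: no periodic structure at all
    n = len(series)
    low = 0.0
    for k, p in enumerate(powers, start=1):
        freq_hz = k / (n * bin_seconds)  # frequency of DFT bin k
        if freq_hz <= cutoff_hz:
            low += p
    return low / total


def make_shrew_like_flow(rng, period_bins=100, burst_bins=5, burst_pkts=60):
    """Constructed sample: a 50 ms burst once per second (the RTO-scale pulsing the
    abstract describes) riding on a trickle of background packets."""
    series = []
    for t in range(WINDOW_BINS):
        background = max(0, round(rng.gauss(1.0, 0.5)))
        in_burst = (t % period_bins) < burst_bins
        series.append(background + (burst_pkts if in_burst else 0))
    return series


def make_legit_flow(rng, mean_pkts=8.0):
    """Constructed sample: steady traffic with per-bin jitter (modelled here as white noise,
    which spreads its power evenly across all frequencies)."""
    return [max(0, round(rng.gauss(mean_pkts, 2.0))) for _ in range(WINDOW_BINS)]


def classify_flows(flows):
    """flows: destination IP -> per-bin packet counts observed at the edge router.
    Returns the set of destinations whose aggregate flow looks like a shrew target."""
    return {dst for dst, series in flows.items() if slfp(series) >= SLFP_THRESHOLD}


def demo():
    """Score two constructed flows (documentation-range addresses) and return
    (scores, flagged destinations) so the result can be checked programmatically."""
    rng = random.Random(7)  # fixed seed: the constructed samples are reproducible
    flows = {
        "198.51.100.10": make_shrew_like_flow(rng),
        "198.51.100.20": make_legit_flow(rng),
    }
    scores = {dst: round(slfp(series), 3) for dst, series in flows.items()}
    return scores, classify_flows(flows)


if __name__ == "__main__":
    scores, flagged = demo()
    for dst, score in scores.items():
        print(f"{dst}: SLFP={score}")
    print("flagged destinations:", sorted(flagged))
```

White-noise jitter puts roughly 5/50 of its power below 5 Hz (the band is a tenth of the 0 to 50 Hz range available at 10 ms sampling), whereas the once-per-second bursts concentrate about half of theirs in the first five harmonics, so the two classes sit well apart from the 0.3 threshold. Keying the score by destination IP, as the abstract does, means an attacker spreading pulses over many sources still lands in one aggregate series; the price is that a legitimate periodic sender to that destination can raise the score, which is why the response is rate balancing rather than dropping.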

Funded by National Natural Science Foundation of China (60503061); Zhejiang Provincial Natural Science Foundation (Y104437); Zhejiang Provincial Science and Technology Program (2005C33034); The Program for New Century Excellent Talents in University (NCET-04-0535); The Program for New Century 151 Outstanding Scholar of Zhejiang Province.



© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wei, W., Dong, Y., Lu, D., Jin, G., Lao, H. (2006). A Novel Mechanism to Defend Against Low-Rate Denial-of-Service Attacks. In: Mehrotra, S., Zeng, D.D., Chen, H., Thuraisingham, B., Wang, FY. (eds) Intelligence and Security Informatics. ISI 2006. Lecture Notes in Computer Science, vol 3975. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11760146_23


  • DOI: https://doi.org/10.1007/11760146_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34478-0

  • Online ISBN: 978-3-540-34479-7

  • eBook Packages: Computer Science, Computer Science (R0)