Abstract
The low-rate TCP-targeted Denial-of-Service (DoS) attack (shrew) is a new kind of DoS attack that exploits TCP's Retransmission Timeout (RTO) mechanism and can severely reduce the throughput of TCP traffic at the victim. This paper proposes a novel mechanism consisting of effective detection and response methods. By analyzing sampled attack traffic, we find that there is a stable difference between attack and legitimate traffic in the frequency domain, especially at low frequencies. We use the Sum of Low Frequency Power spectrum (SLFP) for detection. In our algorithm the destination IP address is used as the flow label, and SLFP is applied to every flow traversing the edge router. If a shrew attack is found, all flows to that destination are processed by Aggregated Flows Balance (AFB) at a suitable upstream router. Simulation shows that attack traffic is restrained and TCP traffic obtains enough bandwidth. The results indicate that our mechanism is both effective and deployable.
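The detection step described above, as an added example that is not the paper's own code: packet records are grouped by destination IP (the flow label), each destination's packet counts per sampling bin form a time series, the power spectrum of that series is computed, and the share of power in the low-frequency band (SLFP) is compared against a threshold. The sampling interval, window length, low-band edge, normalisation of SLFP by total power, alert threshold, IP addresses and the two constructed traffic streams are all assumptions for illustration; the paper's own parameter choices are not given in the abstract.

```python
# Added example (not the paper's code): per-destination SLFP-style detection
# over a window of sampled packet records. Sampling rate, window length,
# low-band edge and alert threshold are assumptions, not values from the paper.
import math
import random
from collections import defaultdict

SAMPLE_INTERVAL = 0.01    # seconds per bin, i.e. 100 Hz sampling (assumption)
WINDOW_BINS = 500         # 5 s analysis window (assumption)
LOW_BAND_FRACTION = 0.25  # "low frequency" = lowest quarter of the one-sided spectrum (assumption)
SLFP_THRESHOLD = 0.6      # share of power in the low band that raises an alert (assumption)


def bin_by_destination(packets, window_bins=WINDOW_BINS, interval=SAMPLE_INTERVAL):
    """Group (timestamp, dst_ip) records by destination IP (the flow label) and
    count packets per sampling bin, giving one time series per destination."""
    series = defaultdict(lambda: [0] * window_bins)
    for ts, dst in packets:
        idx = int(ts / interval)
        if 0 <= idx < window_bins:
            series[dst][idx] += 1
    return dict(series)


def power_spectrum(samples):
    """One-sided power spectrum |X_k|^2, k = 0..N/2, by a plain DFT (no numpy needed).
    The mean is removed first so the DC bin does not dominate."""
    n = len(samples)
    mean = sum(samples) / n
    x = [s - mean for s in samples]
    spec = []
    for k in range(n // 2 + 1):
        re = sum(v * math.cos(2 * math.pi * k * t / n) for t, v in enumerate(x))
        im = sum(v * math.sin(2 * math.pi * k * t / n) for t, v in enumerate(x))
        spec.append(re * re + im * im)
    return spec


def slfp(samples, low_band=LOW_BAND_FRACTION):
    """Sum of Low Frequency Power, normalised here by the total (non-DC) power so
    the result is a scale-free share in [0, 1]; the normalisation is an assumption."""
    spec = power_spectrum(samples)
    total = sum(spec[1:])
    if total == 0.0:
        return 0.0
    cutoff = max(1, int(len(spec) * low_band))
    return sum(spec[1:cutoff + 1]) / total


def detect(packets, threshold=SLFP_THRESHOLD):
    """Return {dst_ip: (slfp_share, alert)} for every destination seen in the window."""
    result = {}
    for dst, counts in bin_by_destination(packets).items():
        share = slfp(counts)
        result[dst] = (share, share > threshold)
    return result


def constructed_sample_packets(seed=7):
    """Constructed test input (not captured traffic): a memoryless Poisson stream to
    one host, and a strictly periodic burst pattern (once per second, 50 ms wide)
    to another. Both destinations are documentation addresses."""
    rng = random.Random(seed)
    packets = []
    t = 0.0
    while t < WINDOW_BINS * SAMPLE_INTERVAL:              # ~2000 pkt/s, random arrivals
        t += rng.expovariate(2000.0)
        packets.append((t, "198.51.100.10"))
    for k in range(int(WINDOW_BINS * SAMPLE_INTERVAL)):   # one burst per second
        for _ in range(200):
            packets.append((k + rng.random() * 0.05, "198.51.100.20"))
    return packets


if __name__ == "__main__":
    for dst, (share, alert) in sorted(detect(constructed_sample_packets()).items()):
        print(f"{dst}: low-band power share = {share:.2f} -> {'ALERT' if alert else 'ok'}")
```

A random-arrival stream spreads its power roughly evenly over the spectrum, so its low-band share stays near the band's width (about a quarter here), whereas a once-per-second burst pattern concentrates its power in the first few harmonics and scores well above the threshold. The plain O(N^2) DFT is deliberate so the block runs with the standard library only; a router-side implementation would use an FFT and a sliding window, and would pick the band edge from the RTO scale it wants to monitor.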
Funded by National Natural Science Foundation of China (60503061); Zhejiang Provincial Natural Science Foundation (Y104437); Zhejiang Provincial Science and Technology Program (2005C33034); The Program for New Century Excellent Talents in University (NCET-04-0535); The Program for New Century 151 Outstanding Scholar of Zhejiang Province.
© 2006 Springer-Verlag Berlin Heidelberg
Wei, W., Dong, Y., Lu, D., Jin, G., Lao, H. (2006). A Novel Mechanism to Defend Against Low-Rate Denial-of-Service Attacks. In: Mehrotra, S., Zeng, D.D., Chen, H., Thuraisingham, B., Wang, FY. (eds) Intelligence and Security Informatics. ISI 2006. Lecture Notes in Computer Science, vol 3975. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11760146_23
DOI: https://doi.org/10.1007/11760146_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34478-0
Online ISBN: 978-3-540-34479-7
eBook Packages: Computer Science (R0)