
Using CPR Metric to Detect and Filter Low-Rate DDoS Flows

Published: 07 December 2017

Abstract

TCP-targeted low-rate distributed denial-of-service (LDDoS) attacks pose a serious challenge to the reliability and security of the Internet. Among various proposed solutions, we are particularly interested in the Congestion Participation Rate (CPR) metric and the CPR-based approach. Through a simulation study, we show that the existing algorithm cannot simultaneously achieve high TCP throughput while under attack and good fairness performance for new legitimate TCP flows in normal times. We then propose a new version of the CPR-based approach to overcome the tradeoff. Simulation results show that it preserves TCP throughput while under attack fairly well, yet maintains fairness for new TCP flows in normal times.

Cited By

  • (2025) An LDDoS Attack Detection Method Based on Behavioral Characteristics and Stacking Mechanism. IoT 6:1 (7). DOI: 10.3390/iot6010007. Online publication date: 21-Jan-2025
  • (2020) A Way to Estimate TCP Throughput under Low-Rate DDoS Attacks: One TCP Flow. 2020 RIVF International Conference on Computing and Communication Technologies (RIVF) (1-8). DOI: 10.1109/RIVF48685.2020.9140777. Online publication date: Oct-2020
  • (2020) A Flexible SDN-Based Architecture for Identifying and Mitigating Low-Rate DDoS Attacks Using Machine Learning. IEEE Access 8 (155859-155872). DOI: 10.1109/ACCESS.2020.3019330. Online publication date: 2020

Published In

SoICT '17: Proceedings of the 8th International Symposium on Information and Communication Technology
December 2017
486 pages
ISBN: 9781450353281
DOI: 10.1145/3155133

In-Cooperation

  • SOICT: School of Information and Communication Technology - HUST
  • NAFOSTED: The National Foundation for Science and Technology Development

Publisher

Association for Computing Machinery
New York, NY, United States

Author Tags

  1. AQM
  2. Low-rate DDoS attack
  3. RED
  4. TCP

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

SoICT 2017

Acceptance Rates

Overall Acceptance Rate 147 of 318 submissions, 46%
