Optimizing the pulsing denial-of-service attacks

In this paper we consider how to optimize a new generation of pulsing denial-of-service (PDoS) attacks from the attackers' points of views. The PDoS attacks are 'smarter' than the traditional attacks in several aspects. The most obvious one is that they require fewer attack packets to cause a similar damage. Another is that the PDoS attacks can be tuned to achieve different effects. This paper concentrates on the attack tuning part. In particular, we consider two conflicting goals involved in launching a PDoS attack: (1) maximizing the throughput degradation and (2) minimizing the risk of being detected. To address this problem, we first analyze the TCP throughput and quasi-global synchronization phenomenon caused by the PDoS attack. We then propose a family of objective functions to incorporate the two conflicting goals, and obtain the optimal attack settings. To validate the analytical results, we have carried out extensive experiments using both ns-2 simulation and a test-bed. The overall experimental results match well with the analytical results.

[1]  Luigi Rizzo,et al.  Dummynet: a simple approach to the evaluation of network protocols , 1997, CCRV.

[2]  Vern Paxson,et al.  TCP Congestion Control , 1999, RFC.

[3]  Yang Richard Yang,et al.  General AIMD congestion control , 2000, Proceedings 2000 International Conference on Network Protocols.

[4]  Ratul Mahajan,et al.  Controlling High Bandwidth Aggregates in the Network (Extended Version) , 2001 .

[5]  R. Power CSI/FBI computer crime and security survey , 2001 .

[6]  Eamonn J. Keogh,et al.  Locally adaptive dimensionality reduction for indexing large time series databases , 2001, SIGMOD '01.

[7]  Kihong Park,et al.  On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets , 2001, SIGCOMM '01.

[8]  Thomas Bonald,et al.  Statistical bandwidth sharing: a study of congestion at flow level , 2001, SIGCOMM.

[9]  Vern Paxson,et al.  An analysis of using reflectors for distributed denial-of-service attacks , 2001, CCRV.

[10]  Kang G. Shin,et al.  Detecting SYN flooding attacks , 2002, Proceedings.Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies.

[11]  Ratul Mahajan,et al.  Controlling high bandwidth aggregates in the network , 2002, CCRV.

[12]  A. Kuzmanovic,et al.  Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants , 2003, SIGCOMM '03.

[13]  Dan Schnackenberg,et al.  Statistical approaches to DDoS attack detection and response , 2003, Proceedings DARPA Information Survivability Conference and Exposition.

[14]  Kang G. Shin,et al.  Hop-count filtering: an effective defense against spoofed DDoS traffic , 2003, CCS '03.

[15]  David K. Y. Yau,et al.  Defending against low-rate TCP attacks: dynamic detection and protection , 2004, Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004..

[16]  Peter Reiher,et al.  A taxonomy of DDoS attack and DDoS defense mechanisms , 2004, CCRV.

[17]  Martin P. Loeb,et al.  CSI/FBI Computer Crime and Security Survey , 2004 .

[18]  Guido Appenzeller,et al.  Sizing router buffers , 2004, SIGCOMM '04.

[19]  Sally Floyd,et al.  The NewReno Modification to TCP's Fast Recovery Algorithm , 2004, RFC.

[20]  Aikaterini Mitrokotsa,et al.  DDoS attacks and defense mechanisms: classification and state-of-the-art , 2004, Comput. Networks.

[21]  Mina Guirguis,et al.  Exploiting the transients of adaptation for RoQ attacks on Internet resources , 2004, Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004..

[22]  Xiapu Luo,et al.  On a New Class of Pulsing Denial-of-Service Attacks and the Defense , 2005, NDSS.

[23]  Xiapu Luo,et al.  Vanguard: A New Detection Scheme for a Class of TCP-targeted Denial-of-Service Attacks , 2006, 2006 IEEE/IFIP Network Operations and Management Symposium NOMS 2006.