NBHU-based method to counter quiet DDoS attacks

The Quiet DDoS attack becomes one of the most severely threat to the network safety, because this kind of attack completely adopts legal TCP flow while distributing its destination IP to evade various countermeasures deployed in the network. However, the high distributed degree of the destination IP becomes one characteristics of the attack. However, we think this characteristic make partially of the attack flow not match the behavior habit of network users. Inspired by this viewpoint, we propose a novel method to counter the Quiet DDoS attack based on the NBHU (network behavior habit of users). Furthermore, we carry on simulation of our method using NS2 platform, and the results show that this method can reduce the attack performance.

[1]  Nirwan Ansari,et al.  Is it congestion or a DDoS attack? , 2009, IEEE Communications Letters.

[2]  Aleksandar Kuzmanovic,et al.  Low-rate TCP-targeted denial of service attacks and counter strategies , 2003, IEEE/ACM Transactions on Networking.

[3]  Mina Guirguis,et al.  Exploiting the transients of adaptation for RoQ attacks on Internet resources , 2004, Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004..

[4]  Xiapu Luo,et al.  On a New Class of Pulsing Denial-of-Service Attacks and the Defense , 2005, NDSS.

[5]  Ping Wang,et al.  A New User-Habit Based Approach for Early Warning of Worms , 2005, CIS.

[6]  Jing Zhang,et al.  Simulation and Analysis of Quiet DDOS Attacks , 2012 .

[7]  Yuting Zhang,et al.  Reduction of quality (RoQ) attacks on Internet end-systems , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[8]  Aleksandar Kuzmanovic,et al.  Low-rate TCP-targeted denial of service attacks and counter strategies , 2006, TNET.

[9]  Chen Xin HPBR:host packet behavior ranking model used in worm detection , 2008 .

[10]  Peng Da-wei User-habit based early warning of worm , 2006 .

[11]  John S. Heidemann,et al.  A framework for classifying denial of service attacks , 2003, SIGCOMM '03.