A Low-Rate DoS Detection Based on Rate Anomalies

Low-rate Denial-of-Service (LDoS) attacks are stealthier and trickier than traditional DDoS attacks. Based on the periodicity and short bursts that characterize LDoS flows, a detection measure against LDoS attacks based on rate anomalies is proposed. During the periods in which the router's packet loss rate is abnormal because of the attack pulse, the rate of the attack flow is large, while at other times the rate of the attack flow is close to 0. Viewed from the periods in which the packet loss is abnormal, the attack flow rate in these periods is far higher than the average rate, while the normal flow rate is lower than the average rate. In this paper, we propose a measure that observes the flow rate in the periods in which the packet loss rate is abnormal and computes the difference between the rate in these periods and the average rate. If the difference exceeds a certain threshold, the flow is treated as a malicious flow and filtered with a corresponding method.
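The check described in the abstract, as an added example that is not code from the paper. It assumes that per-slot loss rates and per-flow rates are already sampled on the same time grid, that "average rate" means the flow's own average over the observation window, and that both thresholds are operator-chosen values; all names and sample numbers are constructed.

```python
from statistics import mean

def abnormal_loss_slots(loss_rates, loss_threshold):
    """Indices of sampling slots whose router packet-loss rate is abnormal."""
    return [i for i, loss in enumerate(loss_rates) if loss > loss_threshold]

def rate_anomaly(rates, slots):
    """Flow rate averaged over the abnormal-loss slots minus its overall average."""
    return mean(rates[i] for i in slots) - mean(rates)

def detect_ldos(flows, loss_rates, loss_threshold, diff_threshold):
    """Return {flow_id: difference} for flows whose difference exceeds diff_threshold."""
    slots = abnormal_loss_slots(loss_rates, loss_threshold)
    if not slots:
        # No abnormal loss was observed, so there is nothing to correlate against.
        return {}
    flagged = {}
    for flow_id, rates in flows.items():
        if len(rates) != len(loss_rates):
            raise ValueError(f"{flow_id}: rate samples do not match the loss samples")
        diff = rate_anomaly(rates, slots)
        if diff > diff_threshold:
            flagged[flow_id] = diff
    return flagged

# Constructed sample: 12 slots, router loss spikes in slots 2, 6 and 10.
LOSS = [0.01, 0.02, 0.35, 0.01, 0.00, 0.01, 0.40, 0.02, 0.01, 0.01, 0.38, 0.01]
FLOWS = {
    # Pulsed flow: sends only during the loss spikes, close to 0 otherwise.
    "flow-A": [0, 0, 9000, 0, 0, 0, 9000, 0, 0, 0, 9000, 0],
    # TCP-like flow: its rate drops when packets are lost, then recovers.
    "flow-B": [800, 900, 300, 500, 700, 900, 250, 450, 700, 900, 300, 500],
    # Constant-rate flow: unaffected by the loss periods.
    "flow-C": [200] * 12,
}

if __name__ == "__main__":
    for flow_id, diff in detect_ldos(FLOWS, LOSS, 0.1, 1000).items():
        print(f"{flow_id}: rate in abnormal-loss slots exceeds average by {diff}")
```

The TCP-like flow yields a negative difference and the constant-rate flow a difference of zero, so only the pulsed flow crosses the threshold.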
