The detection of low-rate denial-of-service attack based on feature extraction and analysis at congestion times

A low-rate denial-of-service (LDoS) attack takes effect by exploiting the vulnerability of the adaptive behaviours exhibited by network protocols. It aims to substantially decrease the throughput of victims by sending periodic low-rate pulses, which cause TCP flows to back off and enter the retransmission timeout state. It is hard to identify or defend against because of its low-rate character. This paper analyzes the principles of the attack and the deficiencies of existing methods. We extract two basic signatures of the LDoS attack and propose a mechanism to detect and filter the malicious flow. Our experiments indicate that this mechanism can effectively detect the malicious flow in simulation. It can reduce the false positives of LDoS attack detection schemes and increase the throughput of the routers.