Is it congestion or a DDoS attack?

We propose a new stealthy DDoS attack model referred to as the "quiet" attack. The attack traffic consists of TCP traffic only. Widely used botnets in today's various attacks and newly introduced network feedback control are integral part of the quiet attack model. We show that shortlived TCP flows can be intentionally misused. The quiet attack is detrimental to the Internet traffic and at the same time difficult to be detected by using current defense systems. We demonstrate the inability of representative defense schemes such as adaptive queue management and aggregate congestion control to detect the quiet attack.

[1]  Sandeep K. Gupta,et al.  TCP vs. TCP: a systematic study of adverse impact of short-lived TCP flows on long-lived TCP flows , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[2]  Jennifer Rexford,et al.  BGP routing policies in ISP networks , 2005, IEEE Network.

[3]  Wenke Lee,et al.  Modeling Botnet Propagation Using Time Zones , 2006, NDSS.

[4]  Eddie Kohler,et al.  Internet research needs better models , 2003, CCRV.

[5]  Demetres Antoniades,et al.  Available bandwidth measurement as simple as running wget , 2006 .

[6]  R. Srikant,et al.  An adaptive virtual queue (AVQ) algorithm for active queue management , 2004, IEEE/ACM Transactions on Networking.

[7]  Ratul Mahajan,et al.  Controlling high-bandwidth flows at the congested router , 2001, Proceedings Ninth International Conference on Network Protocols. ICNP 2001.

[8]  M. Gerla,et al.  CapProbe: a simple and accurate capacity estimation technique , 2004, SIGCOMM.

[9]  Richard G. Baraniuk,et al.  pathChirp: Efficient available bandwidth estimation for network paths , 2003 .

[10]  Dimitri P. Bertsekas,et al.  Data Networks , 1986 .

[11]  Mina Guirguis,et al.  Exploiting the transients of adaptation for RoQ attacks on Internet resources , 2004, Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004..