Detecting Pulsing Denial-of-Service Attacks Based on the Bandwidth Usage Condition

Pulsing Denial-of-Service (PDoS) attacks seriously degrade the throughput of TCP flows and consequently have a grave detrimental effect on network performance. Because they generate less traffic than traditional flood-based attacks, PDoS attacks are harder to detect. Most conventional PDoS detection schemes focus on the periodic pattern of the pulse trains, so an attacker can evade them merely by varying the timing of pulse transmission. In this paper, we propose a novel and robust PDoS detection method that uses the bandwidth usage condition of network traffic to distinguish congestion caused by normal traffic from congestion caused by PDoS attacks. Simulation experiments demonstrate the effectiveness of the proposed scheme in detecting PDoS attacks.
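The following added example illustrates the principle stated in the abstract, not the paper's own algorithm: congestion intervals are classified by the average bandwidth usage around them rather than by pulse periodicity, so irregular pulse timing does not hide the attack. The link capacity, window size and thresholds are assumptions, and the traffic traces are constructed.

```python
"""Bandwidth-usage-based classification of congestion (added illustration).

Not the paper's algorithm: thresholds, window and capacity are assumptions
chosen for this example, and the traces below are constructed by hand.
"""
from statistics import mean

CAPACITY = 100.0  # assumed link capacity, in Mbit/s per sampling interval


def congestion_intervals(samples, capacity=CAPACITY, sat=0.95):
    """Indices of sampling intervals where offered load saturates the link."""
    return [i for i, s in enumerate(samples) if s >= sat * capacity]


def classify_congestion(samples, capacity=CAPACITY, window=5, sat=0.95, low=0.5):
    """Label each congestion interval by the bandwidth usage surrounding it.

    A saturated interval inside a window of low average usage is the
    signature of a short pulse; sustained high average usage is ordinary
    congestion. The check never looks at spacing between pulses, so an
    attacker randomising pulse timing gains nothing.
    """
    labels = {}
    for i in congestion_intervals(samples, capacity, sat):
        lo, hi = max(0, i - window), min(len(samples), i + window + 1)
        avg = mean(samples[lo:hi])
        labels[i] = "pulse" if avg < low * capacity else "normal"
    return labels


def is_pulsing_attack(samples, **kw):
    """True when most congestion on the link is pulse-induced (assumed rule)."""
    labels = classify_congestion(samples, **kw)
    pulses = sum(1 for v in labels.values() if v == "pulse")
    return pulses >= 2 and pulses > len(labels) // 2


# Constructed traces in Mbit/s per interval. Pulse timings are deliberately
# irregular so a periodicity-based detector would see no fixed pattern.
NORMAL_CONGESTION = [30, 60, 85, 96, 98, 99, 97, 96, 90, 70, 40, 30]
PULSING_ATTACK = [10, 12, 100, 11, 9, 10, 13, 100, 10, 12, 100, 11, 10, 9, 100, 12]

if __name__ == "__main__":
    print("normal trace flagged:", is_pulsing_attack(NORMAL_CONGESTION))   # False
    print("pulsing trace flagged:", is_pulsing_attack(PULSING_ATTACK))     # True
```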
