DDoS: Flood vs. Shrew
نویسندگان
چکیده
Distributed Denial of Service (DDoS) attack is one of the greatest threats to connectivity, continuity, and availability of the Internet. In this paper, two typical types of DDoS attacks, high-rate (Flood) and low-rate (Shrew), are studied on their generation principles, mechanism utilizations, behaviors, signatures, and attack performances. Experiment results show that: (I) high-rate DDoS sends a large amount of traffic to destroy the victim but it is easy to be detected. (II) low-rate DDoS organizes a small quantity of traffic to degrade the service quality at the victim end and it is easy to escape from detection. Comparison of flood with shrew is helpful to detect and defend DDoS attacks efficiently.
منابع مشابه
Collaborative Defense against Periodic Shrew DDoS Attacks in Frequency Domain
The shrew or pulsing DDoS (Distributed Denial-of-Service) attacks, also known as RoQ (Reduction of Quality) attacks, are stealthy, periodic, and low-rate in volume. The shrew attacks could be even more detrimental to network resources than the flooding type of DDoS attacks. Shrew attacks appear periodically in low volume, thereby damaging the victim servers for a long time without being detecte...
متن کاملA Principle of a Data Synthesizer for Performance Test of Anti-DDOS Flood Attacks
Distributed denial-of-service (DDOS) flood attacks remain a big issue in network security. Real events of DDOS flood attacks show that an attacked site (e.g., server) usually may not be overwhelmed immediately at the moment attack packets arrive at that site but sometime late. Therefore, a site has a performance to resist DDOS flood attacks. To test such a performance, data synthesizer is desir...
متن کاملTCP Flow Analysis for Defense against Shrew DDoS Attacks
The shrew or RoS attacks are low-rate DDoS attacks that degrade the QoS to end systems slowly but not to deny the services completely. These attacks are more difficult to detect than the flooding type of DDoS attacks. In this paper, we explore the energy distributions of Internet traffic flows in frequency domain. Normal TCP traffic flows present some form of periodicity because of TCP protocol...
متن کاملFiltering Shrew DDoS Attacks Using A New Frequency-Domain Approach
The stealthy shrew Distributed Denial of Services (DDoS) attacks, also known as Reduction of Quality (RoQ) attacks, could be even more detrimental than the more widely known flooding DDoS assaults. The reason is that such shrew attacks damage the victim servers for a long time without being noticed, thereby denying new visitors to the victim servers, which are mostly e-commerce sites. Thus, in ...
متن کاملCollaborative detection and filtering of shrew DDoS attacks using spectral analysis
This paper presents a new spectral template-matching approach to countering shrew distributed denial-of-service (DDoS) attacks. These attacks are stealthy, periodic, pulsing, and low-rate in attack volume, very different from the flooding type of attacks. They are launched with high narrow spikes in very low frequency, periodically. Thus, shrew attacks may endanger the victim systems for a long...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- JCP
دوره 9 شماره
صفحات -
تاریخ انتشار 2014