Shrew Attack Prevention in RED Queue with Partial Flow Analysis
نویسندگان
چکیده
Shrew Attacks or Low Rate Denial of Service(LDoS) Attacks are initiated by sending large amount of packets for very short span of time such that the packet sending rate crosses the link capacity resulting in network congestion. Compared to Denial of Service (DoS) Attack, LDoS attack is very difficult to be detected because, the attacker can maintain low average packet sending rate while executing an attack. If the rate and interval of LDoS attack is properly estimated and executed, this attack can cause a severe threat to the retransmission time out adjustment of TCP and hence reduce its throughput to near zero. This paper proposes a lightweight LDoS filter which can be added with Preferential Dropping RED, to detect and prevent LDoS packets before they reach RED dropping policy. The advantage of this method is that only partial flows need to be analyzed to detect an attack. Simulations done in NS2 shows that, our method can effectively mitigate LDoS attack while maintaining fairness in bandwidth and low average queuing delay. General Terms Networking, Security, Intrusion Detection System
منابع مشابه
An Efficient Response Time for Shrew Attack Protection in Mitigating Low-Rate Tcp- Targeted Attacks
-This paper presents a simple prioritytagging filtering mechanism, called SAP (Shrew Attack Protection), which protects well-behaved TCP flows against low-rate TCP-targeted Shrew attacks. In this scheme, a router maintains a simple set of counters and keeps track of the drop rate for each potential victim. If the monitored drop rates are low, all packets are treated as normal and equally comple...
متن کاملThe Taming of the Shrew
The Shrew attack is a denial of service attack wherein a rogue end-system periodically generates a high-bandwidth “spike” in order to cause TCP senders to experience loss simultaneously, synchronize their retransmissions, and ultimately experience congestive collapse. Because these spikes are periodic, overall the Shrew is a low bandwidth flow and difficult to detect and police. Currently, the ...
متن کاملHAWK: Halting Anomalies with Weighted Choking to Rescue Well-Behaved TCP Sessions from Shrew DDoS Attacks
High availability in network services is crucial for effective largescale distributed computing. While distributed denial-of-service (DDoS) attacks through massive packet flooding have baffled researchers for years, a new type of even more detrimental attack—shrew attacks (periodic intensive packet bursts with low average rate)—has recently been identified. Shrew attacks can significantly degra...
متن کاملHAWK: Halting Anomaly with Weighted ChoKing to Rescue Well-Behaved TCP Sessions from Shrew DoS Attacks
1 Manuscript submitted to ICDCS 2005 on October 8, 2004. All rights reserved by the authors. This research was supported by an NSF ITR Research Grant under contract number ACI-0325409. Corresponding Author: Kai Hwang, Email: [email protected], Tel: 213-740-4470, Fax: 213-740-4418. Abstract—High availability in network services is crucial for effective large-scale distributed computing. While den...
متن کاملA Study on High Rate Shrew DDOS Attack
Denial of Service attacks are frequently presenting an increasing threat to the global inter-networking infrastructure in networking area . The algorithm for TCP congestion control algorithm is highly efficient for the various networking areas and operations as well its internal assumption of end-system cooperation results are well prone to attack by high-rate flows. A Shrew attack uses the con...
متن کامل