Filtering Shrew DDoS Attacks Using A New Frequency-Domain Approach

The stealthy shrew Distributed Denial of Services (DDoS) attacks, also known as Reduction of Quality (RoQ) attacks, could be even more detrimental than the more widely known flooding DDoS assaults. The reason is that such shrew attacks damage the victim servers for a long time without being noticed, thereby denying new visitors to the victim servers, which are mostly e-commerce sites. Thus, in order to minimize the monetary losses, there is a pressing need to effectively detect such attacks in real-time. Unfortunately, effective detection of shrew attacks remains an open problem. In this paper, we meet this challenge by proposing a new signal-processing approach to identifying and detecting the attacks by examining the frequency domain characteristics of incoming traffic flows to a server. Our proposed technique is effective in that its detection time is less than a few seconds. Furthermore, the technique entails simple implementation, making it deployable in real-life network environments.