HAWK: Halting Anomalies with Weighted Choking to Rescue Well-Behaved TCP Sessions from Shrew DDoS Attacks
نویسندگان
چکیده
High availability in network services is crucial for effective largescale distributed computing. While distributed denial-of-service (DDoS) attacks through massive packet flooding have baffled researchers for years, a new type of even more detrimental attack—shrew attacks (periodic intensive packet bursts with low average rate)—has recently been identified. Shrew attacks can significantly degrade well-behaved TCP sessions, repel potential new connections, and are very difficult to detect, not to mention defend against, due to its low average rate. We propose a new stateful adaptive queue management technique called HAWK (Halting Anomaly with Weighted choKing) which works by judiciously identifying malicious shrew packet flows using a small flow table and dropping such packets decisively to halt the attack such that well-behaved TCP sessions can re-gain their bandwidth shares. Our NS-2 based extensive performance results indicate that HAWK is highly agile.
منابع مشابه
HAWK: Halting Anomaly with Weighted ChoKing to Rescue Well-Behaved TCP Sessions from Shrew DoS Attacks
1 Manuscript submitted to ICDCS 2005 on October 8, 2004. All rights reserved by the authors. This research was supported by an NSF ITR Research Grant under contract number ACI-0325409. Corresponding Author: Kai Hwang, Email: [email protected], Tel: 213-740-4470, Fax: 213-740-4418. Abstract—High availability in network services is crucial for effective large-scale distributed computing. While den...
متن کاملTCP Flow Analysis for Defense against Shrew DDoS Attacks
The shrew or RoS attacks are low-rate DDoS attacks that degrade the QoS to end systems slowly but not to deny the services completely. These attacks are more difficult to detect than the flooding type of DDoS attacks. In this paper, we explore the energy distributions of Internet traffic flows in frequency domain. Normal TCP traffic flows present some form of periodicity because of TCP protocol...
متن کاملCollaborative detection and filtering of shrew DDoS attacks using spectral analysis
This paper presents a new spectral template-matching approach to countering shrew distributed denial-of-service (DDoS) attacks. These attacks are stealthy, periodic, pulsing, and low-rate in attack volume, very different from the flooding type of attacks. They are launched with high narrow spikes in very low frequency, periodically. Thus, shrew attacks may endanger the victim systems for a long...
متن کاملAn Efficient Response Time for Shrew Attack Protection in Mitigating Low-Rate Tcp- Targeted Attacks
-This paper presents a simple prioritytagging filtering mechanism, called SAP (Shrew Attack Protection), which protects well-behaved TCP flows against low-rate TCP-targeted Shrew attacks. In this scheme, a router maintains a simple set of counters and keeps track of the drop rate for each potential victim. If the monitored drop rates are low, all packets are treated as normal and equally comple...
متن کاملA Study on High Rate Shrew DDOS Attack
Denial of Service attacks are frequently presenting an increasing threat to the global inter-networking infrastructure in networking area . The algorithm for TCP congestion control algorithm is highly efficient for the various networking areas and operations as well its internal assumption of end-system cooperation results are well prone to attack by high-rate flows. A Shrew attack uses the con...
متن کامل