A New Mechanism for Improving Robustness of TCP against Pulsing Denial-of-Service Attacks
Authors
Abstract
In this paper, we propose a new mechanism to combat pulsing Denial-of-Service (DoS) attacks. Pulsing DoS attacks can seriously degrade the throughput of legitimate TCP flows in a stealthy manner. The attacker sends periodic short bursts of traffic (i.e., pulses) to cause packet losses in TCP flows. To improve the robustness of TCP against these attacks, we propose using an adaptive bandwidth estimation mechanism in the TCP congestion control process. The performance of the proposed method is evaluated through simulations and compared with other TCP variants. From the simulation results, we verified that the proposed method can effectively mitigate the effect of pulsing DoS attacks.
Key-Words: Pulsing DoS Attack, Robustness, Transmission Control Protocol (TCP), Congestion Control, Available Bandwidth Estimation, Adaptive Estimation Mechanisms
Similar resources
Pulsing RoQ DDoS Attacking and Defense Scheme in Mobile Ad Hoc Networks
Reduction of Quality (RoQ) attack is a new style of Distributed Denial of Service (DDoS) attack. The goodput and delay performance of TCP or UDP flows are very sensitive to such RoQ attacks. In this paper, we study in detail congestion-based RoQ DDoS attacks in mobile ad-hoc networks for the first time. Specifically, we study the attacking principles based on analysis of the network capacity an...
Neural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks
Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...
DoS-Resistant Attribute-Based Encryption in Mobile Cloud Computing with Revocation
Security and privacy are very important challenges for outsourced private data over cloud storages. By taking Attribute-Based Encryption (ABE) for Access Control (AC) purpose we use fine-grained AC over cloud storage. In this paper, we extend previous Ciphertext Policy ABE (CP-ABE) schemes especially for mobile and resource-constrained devices in a cloud computing environment in two aspects, a ...
On a New Class of Pulsing Denial-of-Service Attacks and the Defense
In this paper we analyze a new class of pulsing denial-of-service (PDoS) attacks that could seriously degrade the throughput of TCP flows. During a PDoS attack, periodic pulses of attack packets are sent to a victim. The magnitude of each pulse should be significant enough to cause packet losses. We describe two specific attack models according to the timing of the attack pulses with respect to ...
Detecting Pulsing Denial-of-Service Attacks with Nondeterministic Attack Intervals
This paper addresses the important problem of detecting pulsing denial of service (PDoS) attacks which send a sequence of attack pulses to reduce TCP throughput. Unlike previous works which focused on a restricted form of attacks, we consider a very broad class of attacks. In particular, our attack model admits any attack interval between two adjacent pulses, whether deterministic or not. It al...