TCP Flow Analysis for Defense against Shrew DDoS Attacks

Authors

  • Yu Chen
  • Kai Hwang
Abstract

The shrew or RoS attacks are low-rate DDoS attacks that slowly degrade the QoS to end systems but do not deny the services completely. These attacks are more difficult to detect than the flooding type of DDoS attacks. In this paper, we explore the energy distributions of Internet traffic flows in the frequency domain. Normal TCP traffic flows present some form of periodicity because of TCP protocol behavior. Our results reveal that normal TCP flows can be segregated from malicious flows using some energy distribution properties. We discover the spectral shifting of attack flows from that of normal flows. Combining flow-level spectral analysis with sequential hypothesis testing, we propose a novel defense scheme against shrew DDoS or RoQ (reduction-of-service) attacks. Our detection and filtering scheme can effectively rescue 99% of legitimate TCP flows under the RoS attacks.

Similar resources

Collaborative detection and filtering of shrew DDoS attacks using spectral analysis

This paper presents a new spectral template-matching approach to countering shrew distributed denial-of-service (DDoS) attacks. These attacks are stealthy, periodic, pulsing, and low-rate in attack volume, very different from the flooding type of attacks. They are launched with high narrow spikes in very low frequency, periodically. Thus, shrew attacks may endanger the victim systems for a long...

HAWK: Halting Anomalies with Weighted Choking to Rescue Well-Behaved TCP Sessions from Shrew DDoS Attacks

High availability in network services is crucial for effective large-scale distributed computing. While distributed denial-of-service (DDoS) attacks through massive packet flooding have baffled researchers for years, a new type of even more detrimental attack—shrew attacks (periodic intensive packet bursts with low average rate)—has recently been identified. Shrew attacks can significantly degra...

Collaborative Defense against Periodic Shrew DDoS Attacks in Frequency Domain

The shrew or pulsing DDoS (Distributed Denial-of-Service) attacks, also known as RoQ (Reduction of Quality) attacks, are stealthy, periodic, and low-rate in volume. The shrew attacks could be even more detrimental to network resources than the flooding type of DDoS attacks. Shrew attacks appear periodically in low volume, thereby damaging the victim servers for a long time without being detecte...

A Study on High Rate Shrew DDOS Attack

Denial of Service attacks are frequently presenting an increasing threat to the global inter-networking infrastructure in networking area. The algorithm for TCP congestion control algorithm is highly efficient for the various networking areas and operations as well its internal assumption of end-system cooperation results are well prone to attack by high-rate flows. A Shrew attack uses the con...

An Efficient Response Time for Shrew Attack Protection in Mitigating Low-Rate Tcp-Targeted Attacks

This paper presents a simple priority-tagging filtering mechanism, called SAP (Shrew Attack Protection), which protects well-behaved TCP flows against low-rate TCP-targeted Shrew attacks. In this scheme, a router maintains a simple set of counters and keeps track of the drop rate for each potential victim. If the monitored drop rates are low, all packets are treated as normal and equally comple...

Publication date: 2007