An Efficient Response Time for Shrew Attack Protection in Mitigating Low-Rate Tcp- Targeted Attacks
نویسنده
چکیده
-This paper presents a simple prioritytagging filtering mechanism, called SAP (Shrew Attack Protection), which protects well-behaved TCP flows against low-rate TCP-targeted Shrew attacks. In this scheme, a router maintains a simple set of counters and keeps track of the drop rate for each potential victim. If the monitored drop rates are low, all packets are treated as normal and equally complete to be admitted to the output queue and only dropped based on the AQM (Active Queue Management) policy when the output queue is full. SAP keeps tagging victim packets as high priority until their drop rate is below the fair drop rate. By preferentially dropping normal packets to protect high-priority packets, SAP can prevent low rate TCP-targeted Shrew attacks from causing a well-behaved TCP flow to lose multiple consecutive packets repeatedly. This simple strategy protects wellbehaved TCP flows away from near zero throughputs (due to slow start) under an attack. Keywords---Shrew attack, differential tagging, fair drop rate.
منابع مشابه
A Study on High Rate Shrew DDOS Attack
Denial of Service attacks are frequently presenting an increasing threat to the global inter-networking infrastructure in networking area . The algorithm for TCP congestion control algorithm is highly efficient for the various networking areas and operations as well its internal assumption of end-system cooperation results are well prone to attack by high-rate flows. A Shrew attack uses the con...
متن کاملThe Taming of the Shrew
The Shrew attack is a denial of service attack wherein a rogue end-system periodically generates a high-bandwidth “spike” in order to cause TCP senders to experience loss simultaneously, synchronize their retransmissions, and ultimately experience congestive collapse. Because these spikes are periodic, overall the Shrew is a low bandwidth flow and difficult to detect and police. Currently, the ...
متن کاملLow Rate TCP Shrew Attacks: Threats and Solutions
On the global Internet, the main function of TCP is to provide a reliable byte stream process to process communication. Today, TCP is the most widespread protocol used for exchanging data in the Internet and almost responsible for more than 90 percent of the world’s total data traffic on the Internet. Despite its widespread usage, many of the TCP protocols were designed with little consideratio...
متن کاملCollaborative detection and filtering of shrew DDoS attacks using spectral analysis
This paper presents a new spectral template-matching approach to countering shrew distributed denial-of-service (DDoS) attacks. These attacks are stealthy, periodic, pulsing, and low-rate in attack volume, very different from the flooding type of attacks. They are launched with high narrow spikes in very low frequency, periodically. Thus, shrew attacks may endanger the victim systems for a long...
متن کاملHAWK: Halting Anomalies with Weighted Choking to Rescue Well-Behaved TCP Sessions from Shrew DDoS Attacks
High availability in network services is crucial for effective largescale distributed computing. While distributed denial-of-service (DDoS) attacks through massive packet flooding have baffled researchers for years, a new type of even more detrimental attack—shrew attacks (periodic intensive packet bursts with low average rate)—has recently been identified. Shrew attacks can significantly degra...
متن کامل