
Showing papers by "Xiaolong Yang" published in 2014


Journal Article
TL;DR: A mathematical model for estimating attack effect of this stealthy type of DDoS, originally capturing the adjustment behaviors of victim TCP's congestion window, which reveals some novel properties of the shrew attack from the interaction between attack pattern and network environment.
Abstract: The shrew distributed denial of service (DDoS) attack is very detrimental for many applications, since it can throttle TCP flows to a small fraction of their ideal rate at very low attack cost. Earlier works mainly focused on empirical studies of defending against the shrew DDoS, and very few of them provided analytic results about the attack itself. In this paper, we propose a mathematical model for estimating attack effect of this stealthy type of DDoS. By originally capturing the adjustment behaviors of victim TCP's congestion window, our model can comprehensively evaluate the combined impact of attack pattern (i.e., how the attack is configured) and network environment on attack effect (the existing models failed to consider the impact of network environment). Henceforth, our model has higher accuracy over a wider range of network environments. The relative error of our model remains around 10% for most attack patterns and network environments, whereas the relative error of the benchmark model in previous works has a mean value of 69.57%, and it could be more than 180% in some cases. More importantly, our model reveals some novel properties of the shrew attack from the interaction between attack pattern and network environment, such as the minimum cost formula to launch a successful attack, and the maximum effect formula of a shrew attack. With them, we are able to find out how to adaptively tune the attack parameters (e.g., the DoS burst length) to improve its attack effect in a given network environment, and how to reconfigure the network resource (e.g., the bottleneck buffer size) to mitigate the shrew DDoS with a given attack pattern. Finally, based on our theoretical results, we put forward a simple strategy to defend the shrew attack. The simulation results indicate that this strategy can remarkably increase TCP throughput by nearly half of the bottleneck bandwidth (and can be higher) for general attack patterns.

92 citations


Proceedings Article
10 Jun 2014
TL;DR: This work innovatively exposes TCP slow start mechanism as a possible vulnerability to adversarial attacks, hence it opens a new avenue to improving the resilience of TCP.
Abstract: Distributed Denial of Service (DDoS) attack has become one of the major threats to the Internet. Traditional brute-force, high-rate DDoS attacks expose many obvious anomaly features to defense systems, so that they can be easily detected and mitigated. In this paper we propose a new type of low-rate TCP-targeted DoS attack, called NewShrew, which exploits the deficiencies in TCP's timeout mechanism and slow start mechanism. This attack could significantly degrade TCP throughput, while evading the supervision of DoS prevention systems by inconspicuously consuming a small part of network capacity. We use theoretical analysis and numerical simulations to demonstrate the effectiveness of this attack for different RTT heterogeneity, TCP variant, and network environment. We reveal the interactions among the attack parameters, and the trade-offs between throughput degradation and attack cost. Moreover, we empirically show that NewShrew outperforms the classical Shrew DoS attack in terms of lower average attack rate (averagely 47.82%), higher attack efficiency (the ratio between throughput degradation inflicted by an attack and the average attack rate of the attack) with an average of 45.79%, and higher throughput degradation (averagely 11.54%) after deploying a typical defense mechanism (namely, RTO randomization). Our work innovatively exposes TCP slow start mechanism as a possible vulnerability to adversarial attacks, hence it opens a new avenue to improving the resilience of TCP.

16 citations


Journal Article
TL;DR: A novel detection scheme for HTTP-flooding (HTTP-SoLDiER), which quantifies the consistency between web users' surfing preference and the webpage popularity with large-deviation principle and designs a reversible exponentially weighted moving average (EWMA) algorithm to solve the problem.
Abstract: HTTP-flooding attack is a much stealthier distributed denial of service (DDoS) attack, challenging the survivability of the web services seriously. Observing the web access behavior, we find that the surfing preference of normal users is much more consistent with the webpage popularity than that of malicious users. Based on this observation, this paper proposes a novel detection scheme for HTTP-flooding (HTTP-SoLDiER). Specifically, HTTP-SoLDiER first quantifies the consistency between web users' surfing preference and the webpage popularity with large-deviation principle. Then HTTP-SoLDiER distinguishes the malicious users from normal ones according to the large-deviation probability. In practice, the webpage popularity plays a key role in attack detection of HTTP-SoLDiER. Due to the never-ending updating of the webpage content and the disturbance induced by attackers, the webpage popularity often varies over time. Thus, it is critical for HTTP-SoLDiER to dynamically update the webpage popularity. We design a reversible exponentially weighted moving average (EWMA) algorithm to solve the problem. Finally, we evaluate the effectiveness of this scheme in terms of true positive (TP) and false positive (FP) probabilities with NS-3 simulations. The simulation results show that HTTP-SoLDiER can detect all random HTTP-flooding attackers and most of the perfect-knowledge HTTP-flooding attackers at little false positive.

11 citations


Journal Article
TL;DR: From 21 random-amplified polymorphic DNA primers and 20 inter-simple sequence repeat primers, 2 sex-specific primers were identified that can amplify female-specific fragments of 473 and 1242 bp, respectively, but only 1 fragment was converted successfully into a sequence-characterized amplified region marker using S281-1 and S281-2 primers.
Abstract: Pistacia chinensis Bunge is a dioecious plant that originated in China, and its sex cannot be identified at the early stage of cultivation by only its appearance. Recent studies show that the seed of P. chinensis is an ideal feedstock for biofuel production. To guide the cultivation of this energy plant scientifically, a new method is urgently needed to identify the sex of P. chinensis seedlings. In this paper, from 21 random-amplified polymorphic DNA primers and 20 inter-simple sequence repeat primers, 2 sex-specific primers (S1 and S281) were identified that can amplify female-specific fragments of 473 and 1242 bp, respectively. However, only 1 fragment (FS281) was converted successfully into a sequence-characterized amplified region marker using S281-1 and S281-2 primers. When the annealing temperature was 64°C, a 636-bp specific sequence appeared in all female specimens but was absent in all the male samples tested. This study will offer some clues to sex selection in P. chinensis plantations.

9 citations


Proceedings Article
01 Jan 2014
TL;DR: A user interest-aware content replica optimized placement algorithm (UIARP) that not only ensures that users get interested replicas quickly, but also improves the network performance.
Abstract: The replica placement algorithm plays a key role in improving the distribution efficiency of content delivery networks (CDNs). However, most existing algorithms consider only increasing the ISPs' benefits, and do not consider matching the user's interesting content subjects and improving its QoE for CDN services. Therefore, this paper proposes a user interest-aware content replica optimized placement algorithm (UIARP). Firstly, the user's interest is extracted from its content access logs by clustering algorithms. Then replicas are placed according to the descending order of the collective interest degree, which satisfies the constraints of responsive tolerance limit and storage capacity. Finally, the UIARP algorithm can achieve the match between placing replicas and user content demand through minimizing the average response time. This algorithm not only ensures that users get interested replicas quickly, but also improves the network performance. The simulation analyses from four aspects, including the average response time, the request response matching degree, load balancing and the adjacent replica utilization rate, verify the effectiveness of the proposed algorithm.

1 citation