On a Mathematical Model for Low-Rate Shrew DDoS
TL;DR: A mathematical model for estimating the attack effect of this stealthy type of DDoS, which captures the adjustment behaviour of the victim TCP's congestion window and reveals novel properties of the shrew attack arising from the interaction between attack pattern and network environment.

Abstract:
The shrew distributed denial of service (DDoS) attack is very detrimental for many applications, since it can throttle TCP flows to a small fraction of their ideal rate at very low attack cost. Earlier works mainly focused on empirical studies of defending against the shrew DDoS, and very few of them provided analytic results about the attack itself. In this paper, we propose a mathematical model for estimating the attack effect of this stealthy type of DDoS. By capturing the adjustment behaviour of the victim TCP's congestion window, our model can comprehensively evaluate the combined impact of attack pattern (i.e., how the attack is configured) and network environment on attack effect (the existing models failed to consider the impact of network environment). Hence, our model has higher accuracy over a wider range of network environments. The relative error of our model remains around 10% for most attack patterns and network environments, whereas the relative error of the benchmark model in previous works has a mean value of 69.57%, and it can exceed 180% in some cases. More importantly, our model reveals some novel properties of the shrew attack from the interaction between attack pattern and network environment, such as the minimum cost formula to launch a successful attack and the maximum effect formula of a shrew attack. With them, we are able to find out how to adaptively tune the attack parameters (e.g., the DoS burst length) to improve the attack effect in a given network environment, and how to reconfigure the network resource (e.g., the bottleneck buffer size) to mitigate the shrew DDoS with a given attack pattern. Finally, based on our theoretical results, we put forward a simple strategy to defend against the shrew attack. The simulation results indicate that this strategy can remarkably increase TCP throughput by nearly half of the bottleneck bandwidth (and can be higher) for general attack patterns.
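The following is an added illustration, not the paper's model (the abstract gives no formulas) and not code from the paper's authors. It is a toy simulation of one TCP flow under a periodic burst at the bottleneck, written to show the three interactions the abstract names: a burst period that matches the retransmission timer starves the flow, a larger bottleneck buffer defeats a given burst length, and a longer burst restores the attack. Its assumptions are that the sender's RTO sits at the RFC 6298 floor of 1 s and backs off exponentially, that a burst causes loss only if it fills the whole buffer, that the flow suffers no self-induced loss, and that the link and attack parameters are made-up values.

```python
"""Toy simulation of a low-rate (shrew) DoS against one TCP flow.

Added illustrative model, not the paper's; link and attack numbers are assumptions.
Times are integer milliseconds so every run is exact and reproducible.
"""
from dataclasses import dataclass
from typing import Optional

MIN_RTO_MS = 1000    # RFC 6298 lower bound on the retransmission timer (assumed exact)
MAX_RTO_MS = 64000   # cap on exponential backoff


@dataclass
class Link:
    capacity_pps: int  # bottleneck rate, packets per second (C)
    buffer_pkts: int   # bottleneck queue size, packets (B)
    rtt_ms: int        # round-trip time of the victim flow


@dataclass
class Attack:
    period_ms: int     # T: time between burst starts
    burst_ms: int      # L: burst length
    burst_pps: int     # R: burst rate

    def overflows(self, link: Link) -> bool:
        # The queue grows at R - C during a burst; the victim only sees loss if
        # the burst lasts long enough to fill the whole buffer.
        return (self.burst_pps - link.capacity_pps) * self.burst_ms >= 1000 * link.buffer_pkts

    def hits(self, link: Link, t0: int, t1: int) -> bool:
        """True if an overflowing burst overlaps the send window [t0, t1)."""
        if not self.overflows(link):
            return False
        for j in range(t0 // self.period_ms, t1 // self.period_ms + 1):
            start = j * self.period_ms
            if start < t1 and start + self.burst_ms > t0:
                return True
        return False


def min_burst_len_ms(link: Link, burst_pps: int) -> Optional[int]:
    """Shortest burst (ms) at rate burst_pps that fills the buffer; None if it never can.

    This is the toy model's minimum-cost condition, not the paper's formula.
    """
    excess = burst_pps - link.capacity_pps
    if excess <= 0:
        return None
    return -(-1000 * link.buffer_pkts // excess)  # ceiling division on integers


def simulate(link: Link, attack: Optional[Attack], duration_ms: int) -> float:
    """Return the victim's goodput as a fraction of bottleneck capacity."""
    bdp = link.capacity_pps * link.rtt_ms / 1000  # packets in flight at full rate
    t, cwnd, ssthresh, rto = 0, 1.0, float("inf"), MIN_RTO_MS
    delivered = 0.0
    while t < duration_ms:
        if attack is not None and attack.hits(link, t, t + link.rtt_ms):
            # The whole window is dropped at the full queue: timeout, retransmit
            # after rto, and double the timer. A retransmission that lands in the
            # next burst is lost again, so the timer keeps doubling.
            ssthresh = max(cwnd / 2, 2.0)
            cwnd = 1.0
            t += rto
            rto = min(rto * 2, MAX_RTO_MS)
            continue
        delivered += cwnd
        rto = MIN_RTO_MS                     # a successful round resets the backoff
        if cwnd < ssthresh:
            cwnd = min(cwnd * 2, ssthresh)   # slow start
        else:
            cwnd += 1                        # congestion avoidance
        cwnd = min(cwnd, bdp)                # assumption: no self-induced loss
        t += link.rtt_ms
    return delivered / (link.capacity_pps * duration_ms / 1000)


if __name__ == "__main__":
    small = Link(capacity_pps=1000, buffer_pkts=50, rtt_ms=100)   # constructed values
    big = Link(capacity_pps=1000, buffer_pkts=200, rtt_ms=100)
    cases = [
        ("no attack, small buffer", small, None),
        ("T = RTO, small buffer", small, Attack(1000, 50, 3000)),
        ("T = 2 x RTO, small buffer", small, Attack(2000, 50, 3000)),
        ("same burst, buffer x4", big, Attack(2000, 50, 3000)),
        ("burst lengthened to 150 ms", big, Attack(2000, 150, 3000)),
    ]
    for label, link, atk in cases:
        print(f"{label:28s} goodput = {simulate(link, atk, 20000):.3f} of capacity")
    print("min burst at 3000 pps: small", min_burst_len_ms(small, 3000), "ms, big",
          min_burst_len_ms(big, 3000), "ms")
```

With the constructed parameters the unattacked flow reaches about 97% of capacity, a 50 ms burst every 1 s (the RTO floor) delivers nothing because every retransmission lands in the next burst, spacing bursts 2 s apart lets the flow recover partway between them, quadrupling the buffer makes the 50 ms burst harmless, and stretching the burst to 150 ms makes it effective again. The goodput numbers are artefacts of this toy, not the paper's measurements; what carries over is the shape of the trade-off between burst length, burst period and buffer size.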
Citations
Journal Article
Invariant packet feature with network conditions for efficient low rate attack detection in multimedia networks for improved QoS
TL;DR: An invariant-feature-based approach that performs low-rate attack detection and improves the performance of existing methods for detecting low-rate attacks across varying network conditions.
Journal Article
Defense Mechanisms Against DDoS Attacks in a Cloud Computing Environment: State-of-the-Art and Research Challenges
Neha Agrawal, Shashikala Tapaswi, et al.
TL;DR: This paper presents a comprehensive taxonomy of the possible variants of cloud DDoS attack solutions, with detailed insight into characterization, prevention, detection and mitigation mechanisms, and discusses the essential performance metrics for evaluating defense solutions and their behaviour in a cloud environment.
Journal Article
Low-Rate DoS Attacks Detection Based on Network Multifractal
Zhijun Wu, Liyuan Zhang, Meng Yue, et al.
TL;DR: This paper targets exploiting and estimating the changes in multifractal characteristics of network traffic for detecting LDoS attack flows; the multifractal detrended fluctuation analysis (MF-DFA) algorithm is used to explore the change in multifractal characteristics over a small scale of network traffic.
Journal Article
An SDN-Enabled Pseudo-Honeypot Strategy for Distributed Denial of Service Attacks in Industrial Internet of Things
TL;DR: A new attack that can identify honeypots and so invalidate their protection is revealed, and several groups of Bayesian-Nash equilibria in the PHG strategy achieve the optimal equilibrium between legitimate users and attackers.
Journal Article
Low-Rate DDoS Attack Detection Using Expectation of Packet Size
TL;DR: A measurement, the expectation of packet size, based on the difference in packet-size distributions, is proposed to distinguish two typical low-rate DDoS attacks, the constant attack and the pulsing attack, from legitimate traffic.
References
The NewReno Modification to TCP's Fast Recovery Algorithm
TL;DR: The purpose of this document is to advance NewReno TCP's Fast Retransmit and Fast Recovery algorithms in RFC 2582 from Experimental to Standards Track status.
Book
Sizing router buffers
TL;DR: It is shown that a link carrying n flows requires a buffer of no more than B = (RTT × C)/√n, where RTT is the average round-trip time and C the link capacity, for long-lived or short-lived TCP flows, because of the large number of flows multiplexed together on a single backbone link.
Proceedings ArticleDOI
Statistical bandwidth sharing: a study of congestion at flow level
TL;DR: The statistics of the realized throughput of elastic document transfers are studied, accounting for the way network bandwidth is shared dynamically between the randomly varying number of concurrent flows.
Journal Article
High performance TCP in ANSNET
Curtis Villamizar, Cheng Song, et al.
TL;DR: Queueing capacity greater than or equal to the delay-bandwidth product, together with RED, is recommended; RED improves performance in all but the single-flow case, but cannot substitute for adequate queueing capacity, particularly if high-speed flows are to be supported.
Proceedings ArticleDOI
On estimating end-to-end network path properties
Mark Allman, Vern Paxson, et al.
TL;DR: This work considers two basic transport estimation problems: determining the setting of the retransmission timer (RTO) for a reliable protocol, and estimating the bandwidth available to a connection as it begins, and develops a receiver-side algorithm that performs significantly better.
Related Papers (5)
Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics
Yang Xiang, Ke Li, Wanlei Zhou, et al.