Control of low-rate denial-of-service attacks on web servers and TCP flows

The security of feedback control systems is an important problem to the Internet because feedback controllers have been widely used in popular Internet applications (e.g. web server) and fundamental protocols (e.g. TCP). The vulnerability comes from the fact that an attacker can easily manipulate the input and control variables of those controllers. In our previous works, we analyzed threats of some special lowrate Denial-of-Service attacks (LRDoS) to the feedback control systems used in web servers and TCP flows. In this paper, based on hybrid system theory, we derive general results from two aspects. First, we propose a new proportional-integral feedback controller for web servers to mitigate the impact of generalized LRDoS attacks. The stability and convergence properties of the controller are analyzed. Second, we model the impact of generalized LRDoS attacks on TCP by use of Zeno control. We investigate both the scenario when TCP uses fixed parameters in its congestion control algorithm and the scenario when TCP uses adaptive control to adjust those parameters. We also examine the case when there is no Zeno solution. Limit cycle analysis is employed to model the behavior of TCP's congestion control mechanism with periodic solutions. The globally asymptotic stability of those periodic solutions is proved.