Detecting pulsing denial-of-service attacks with nondeterministic attack intervals

Kow Chuen Chang, Xiapu Luo, Edmond W.W. Chan

Research output: Journal article publicationJournal articleAcademic researchpeer-review

21 Citations (Scopus)


This paper addresses the important problem of detecting pulsing denial of service (PDoS) attacks which send a sequence of attack pulses to reduce TCP throughput. Unlike previous works which focused on a restricted form of attacks, we consider a very broad class of attacks. In particular, our attack model admits any attack interval between two adjacent pulses, whether deterministic or not. It also includes the traditional flooding-based attacks as a limiting case (i.e., zero attack interval). Our main contribution is Vanguard, a new anomaly-based detection scheme for this class of PDoS attacks. The Vanguard detection is based on three traffic anomalies induced by the attacks, and it detects them using a CUSUM algorithm. We have prototyped Vanguard and evaluated it on a testbed. The experiment results show that Vanguard is more effective than the previous methods that are based on other traffic anomalies (after a transformation using wavelet transform, Fourier transform, and autocorrelation) and detection algorithms (e.g., dynamic time warping).
Original languageEnglish
Article number256821
JournalEurasip Journal on Advances in Signal Processing
Publication statusPublished - 15 Jun 2009

ASJC Scopus subject areas

  • Signal Processing
  • Hardware and Architecture
  • Electrical and Electronic Engineering


Dive into the research topics of 'Detecting pulsing denial-of-service attacks with nondeterministic attack intervals'. Together they form a unique fingerprint.

Cite this