Vanguard: A new detection scheme for a class of TCP-targeted denial-of-service attacks

Xiapu Luo, Edmond W.W. Chan, Kow Chuen Chang

Research output: Chapter in book / Conference proceeding; Conference article published in proceeding or book; Academic research; peer-review

24 Citations (Scopus)

Abstract

A few low-rate, TCP-targeted Denial-of-Service (DoS) attacks have been recently proposed, including the Shrew attack, Reduction of Quality (RoQ) attack, and Pulsing DoS (PDoS) attack. All of them use periodic attack pulses to throttle TCP flows. These attacks could potentially become major threats to the Internet's stability and therefore they have motivated the development of a number of detection mechanisms for such attacks. However, those detection mechanisms are designed for specific attacks. Moreover, they assume that the period of the attack pulses is a nonzero constant. Unfortunately, these assumptions can be easily thwarted by more sophisticated attack strategies. In this paper, we propose a new detection system called Vanguard to identify a wide range of the aforementioned low-rate DoS attacks, including the traditional flooding-based attacks as a special case. Vanguard can also detect attacks with randomized attack periods. We have validated Vanguard's efficacy based on extensive test-bed experiments. We have also compared Vanguard with other recently proposed detection systems.

Original language: English
Title of host publication: 10th IEEE/IFIP Network Operations and Management Symposium, NOMS 2006
Pages: 507-518
Number of pages: 12
Publication status: Published - 1 Dec 2006
Event: 10th IEEE/IFIP Network Operations and Management Symposium, NOMS 2006 - Vancouver, BC, Canada
Duration: 3 Apr 2006 to 7 Apr 2006

Conference

Conference: 10th IEEE/IFIP Network Operations and Management Symposium, NOMS 2006
Country/Territory: Canada
City: Vancouver, BC
Period: 3/04/06 to 7/04/06

ASJC Scopus subject areas

  • Hardware and Architecture
  • Electrical and Electronic Engineering
