Abstract
A few low-rate, TCP-targeted Denial-of-Service (DoS) attacks have been recently proposed, including the Shrew attack, Reduction of Quality (RoQ) attack, and Pulsing DoS (PDoS) attack. All of them use periodic attack pulses to throttle TCP flows. These attacks could potentially become major threats to the Internet's stabiliity and therefore they have motivated the development of a number of detection mechanisms for such attacks. However, those detection mechanisms are designed for specific attacks. Moreover, they assume that the period of the attack pulses is a nonzero constant Unfortunately, these assumptions can be easily thwarted by more sophisticated attack strategies. In this paper, we propose a new detection system called Vanguard to identify a wide range of the aforementioned low-rate, DoS attacks, including the traditional flooding-based attacks as a special case. Vanguard can also detect attacks with randomized attack periods. We have validated Vanguard's efficacy based on extensive test-bed experiments. We have also compared Vanguard with other recently proposed detection systems.
Original language | English |
---|---|
Title of host publication | 10th IEEE/IFIP Network Operations and Management Symposium, NOMS 2006 |
Pages | 507-518 |
Number of pages | 12 |
Publication status | Published - 1 Dec 2006 |
Event | 10th IEEE/IFIP Network Operations and Management Symposium, NOMS 2006 - Vancouver, BC, Canada Duration: 3 Apr 2006 → 7 Apr 2006 |
Conference
Conference | 10th IEEE/IFIP Network Operations and Management Symposium, NOMS 2006 |
---|---|
Country/Territory | Canada |
City | Vancouver, BC |
Period | 3/04/06 → 7/04/06 |
ASJC Scopus subject areas
- Hardware and Architecture
- Electrical and Electronic Engineering