Title :
Low-rate TCP-targeted denial of service attacks and counter strategies
Author :
Kuzmanovic, Aleksandar ; Knightly, Edward W.
Author_Institution :
Dept. of Electr. Eng. & Comput. Sci., Northwestern Univ., Evanston, IL
Abstract :
Denial of Service attacks are presenting an increasing threat to the global inter-networking infrastructure. While TCP's congestion control algorithm is highly robust to diverse network conditions, its implicit assumption of end-system cooperation results in a well-known vulnerability to attack by high-rate non-responsive flows. In this paper, we investigate a class of low-rate denial of service attacks which, unlike high-rate attacks, are difficult for routers and counter-DoS mechanisms to detect. Using a combination of analytical modeling, simulations, and Internet experiments, we show that maliciously chosen low-rate DoS traffic patterns that exploit TCP's retransmission timeout mechanism can throttle TCP flows to a small fraction of their ideal rate while eluding detection. Moreover, as such attacks exploit protocol homogeneity, we study fundamental limits of the ability of a class of randomized timeout mechanisms to thwart such low-rate DoS attacks.
Keywords :
Internet; internetworking; security of data; telecommunication congestion control; telecommunication network routing; telecommunication traffic; transport protocols; Internet experiments; TCP congestion control algorithm; TCP retransmission timeout mechanism; counter strategies; end-system cooperation; global inter-networking infrastructure; high-rate nonresponsive flows; low-rate DoS traffic patterns; low-rate TCP-targeted denial-of-service attacks; protocol homogeneity; randomized timeout mechanisms; Analytical models; Bandwidth; Broadcasting; Computer crime; Counting circuits; Data structures; Network servers; Protocols; Robust control; Throughput; Denial of service; TCP; retransmission timeout;
Journal_Title :
Networking, IEEE/ACM Transactions on
DOI :
10.1109/TNET.2006.880180