Vanguard: A New Detection Scheme for a Class of TCP-targeted Denial-of-Service Attacks

A few low-rate, TCP-targeted denial-of-service (DoS) attacks have been recently proposed, including the shrew attack, reduction of quality (RoQ) attack, and pulsing DoS (PDoS) attack. All of them use periodic attack pulses to throttle TCP flows. These attacks could potentially become major threats to the Internet´s stability and therefore they have motivated the development of a number of detection mechanisms for such attacks. However, those detection mechanisms are designed for specific attacks. Moreover, they assume that the period of the attack pulses is a nonzero constant. Unfortunately, these assumptions can be easily thwarted by more sophisticated attack strategies. In this paper, we propose a new detection system called Vanguard to identify a wide range of the aforementioned low-rate, DoS attacks, including the traditional flooding-based attacks as a special case. Vanguard can also detect attacks with randomized attack periods. We have validated Vanguard´s efficacy based on extensive test-bed experiments. We have also compared Vanguard with other recently proposed detection systems