Spectral Analysis of TCP Flows for Defense Against Reduction-of-Quality Attacks

Author

Yu Chen ; Kai Hwang

Author_Institution

State Univ. of New York - Binghamton, Binghamton

fYear

2007

fDate

24-28 June 2007

Firstpage

1203

Lastpage

1210

Abstract

The RoQ (reduction-of-quality) attacks are low- rate DDoS attacks that degrade the QoS to end systems stealthily but not to deny the services completely. These attacks are more difficult to detect than the flooding DDoS attacks. This paper explores the energy distributions of Internet traffic flows in frequency domain. Normal TCP traffic flows present periodicity because of protocol behavior. Our results reveal that normal TCP flows can be segregated from malicious flows according to energy distribution properties. We discover the spectral shifting of attack flows from that of normal flows. Combining flow-level spectral analysis with sequential hypothesis testing, we propose a novel defense scheme against RoQ attacks. Our detection and filtering scheme can effectively rescue 99% legitimate TCP flows under the RoQ attacks.

Keywords

Internet; filtering theory; quality of service; telecommunication security; telecommunication traffic; transport protocols; QoS; TCP traffic flows; energy distribution properties; filtering scheme; flow-level spectral analysis; protocol behavior; reduction-of-quality attacks; sequential hypothesis testing; spectral analysis; spectral shifting; Communication system traffic control; Computer crime; Frequency domain analysis; IP networks; Internet; Protocols; Spectral analysis; Telecommunication traffic; Testing; USA Councils;

fLanguage

English

Publisher

ieee

Conference_Titel

Communications, 2007. ICC '07. IEEE International Conference on

Conference_Location

Glasgow

Print_ISBN

1-4244-0353-7

Type

conf

DOI

10.1109/ICC.2007.204

Filename

4288875