Title :
Spectral Analysis of TCP Flows for Defense Against Reduction-of-Quality Attacks
Author :
Yu Chen ; Kai Hwang
Author_Institution :
State Univ. of New York - Binghamton, Binghamton
Abstract :
The RoQ (reduction-of-quality) attacks are low- rate DDoS attacks that degrade the QoS to end systems stealthily but not to deny the services completely. These attacks are more difficult to detect than the flooding DDoS attacks. This paper explores the energy distributions of Internet traffic flows in frequency domain. Normal TCP traffic flows present periodicity because of protocol behavior. Our results reveal that normal TCP flows can be segregated from malicious flows according to energy distribution properties. We discover the spectral shifting of attack flows from that of normal flows. Combining flow-level spectral analysis with sequential hypothesis testing, we propose a novel defense scheme against RoQ attacks. Our detection and filtering scheme can effectively rescue 99% legitimate TCP flows under the RoQ attacks.
Keywords :
Internet; filtering theory; quality of service; telecommunication security; telecommunication traffic; transport protocols; QoS; TCP traffic flows; energy distribution properties; filtering scheme; flow-level spectral analysis; protocol behavior; reduction-of-quality attacks; sequential hypothesis testing; spectral analysis; spectral shifting; Communication system traffic control; Computer crime; Frequency domain analysis; IP networks; Internet; Protocols; Spectral analysis; Telecommunication traffic; Testing; USA Councils;
Conference_Titel :
Communications, 2007. ICC '07. IEEE International Conference on
Conference_Location :
Glasgow
Print_ISBN :
1-4244-0353-7
DOI :
10.1109/ICC.2007.204
