Title :
The DRR-based approach of defending against LDoS
Author :
Lei, Jin ; Liu, Xingchen
Author_Institution :
Tianjin Key Lab. for Adv. Signal Process., Civil Aviation Univ. of China, Tianjin, China
Abstract :
The low-rate denial of service (LDoS) attack is known as a low-rate TCP attack consisting essentially of a periodic short burst, which exploits the homogeneity of the minimum retransmission timeout (RTO) of TCP flows and forces all affected TCP flows to back off and enter the retransmission timeout state. The LDoS attack is a new threat to the Internet and ISP service. This paper adopts the deficit round robin (DRR) algorithm to defend against the LDoS attack. The DRR algorithm provides bandwidth allocation and protection between flows to improve the throughput of all TCP flows. Experiments with a single low-rate attack on a single TCP flow and on multiple TCP flows show that DRR has the expected effect in resisting the LDoS attack.
Keywords :
Internet; bandwidth allocation; computer network security; data communication; transport protocols; DRR based approach; ISP service; Internet; LDoS attack; TCP flow; bandwidth allocation; deficit round robin algorithm; low rate TCP attack; low rate denial of service; minimum retransmission timeout; periodic short burst; Bandwidth; DRR; fairness; low-rate DoS (LDoS);
Conference_Title :
Intelligent Computing and Intelligent Systems (ICIS), 2010 IEEE International Conference on
Conference_Location :
Xiamen
Print_ISBN :
978-1-4244-6582-8
DOI :
10.1109/ICICISYS.2010.5658662