  • DocumentCode
    524576
  • Title
    A novel scheme based on dropped-packet information to restrict pulsing denial-of-service attacks
  • Author
    Iwanari, Yuki ; Asaka, Takuya ; Takahashi, Tatsuro
  • Author_Institution
    Grad. Sch. of Inf., Kyoto Univ., Yoshida, Japan
  • fYear
    2010
  • fDate
    15-18 June 2010
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    Pulsing denial-of-service (PDoS) attacks pose a serious problem on the Internet. The attacker periodically sends high-rate traffic over a short period. As a result, because packets are dropped from legitimate TCP flows, they are forced to degrade their throughput. A problem with conventional methods is that bursty short-lived TCP flows may be mistaken for PDoS attacks and their throughput will be decreased. This paper proposes a scheme for queue management to restrict PDoS attacks to overcome this problem. In the proposed method, malicious flows are first identified by using dropped-packet information and then the packet-in-buffer count of malicious flows is limited. This leads legitimate TCP flows to secure their throughput, and even mistaken bursty TCP flows can obtain some throughput. In addition, we evaluated what effect two thresholds in the proposed method, such as the dropped-packet and the packet-in-buffer thresholds, had on throughput and established a policy to set these two thresholds.
  • Keywords
    Internet; computer network management; computer network security; queueing theory; transport protocols; Internet; dropped-packet information; high-rate traffic; pulsing denial-of-service attacks; queue management; Bandwidth; Computer crime; Degradation; Informatics; Internet; Personal communication networks; Safety; Throughput; Traffic control; Web server;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information and Telecommunication Technologies (APSITT), 2010 8th Asia-Pacific Symposium on
  • Conference_Location
    Kuching
  • Print_ISBN
    978-1-4244-6413-5
  • Electronic_ISBN
    978-4-88552-244-4
  • Type
    conf
  • Filename
    5532059