DocumentCode
762469
Title
Low rate TCP denial-of-service attack detection at edge routers
Author
Shevtekar, Amey ; Anantharam, Karunakar ; Ansari, Nirwan
Author_Institution
ECE Dept., NJIT, Newark, NJ, USA
Volume
9
Issue
4
fYear
2005
fDate
4/1/2005 12:00:00 AM
Firstpage
363
Lastpage
365
Abstract
Low-rate TCP denial-of-service attacks are a new type of DoS attack that is carefully orchestrated to exploit the fixed minimum TCP RTO property and thereby deny service to legitimate users. This type of attack differs from traditional flood-based attacks, so conventional solutions for detecting those attacks are not applicable. We propose a novel approach to detect these attack flows at edge routers. A flow exhibiting a periodic pattern is marked malicious if its burst length is greater than or equal to the RTTs of other connections with the same server and its time period is equal to the fixed minimum RTO. A carefully designed lightweight data structure is proposed to store the necessary flow history at edge routers. Simulation results show that such flows can be detected by our proposed approach, which does not require any modification to TCP congestion control algorithms, such as randomizing the fixed minimum RTO.
Keywords
Internet; client-server systems; computer network reliability; queueing theory; telecommunication congestion control; telecommunication services; transport protocols; DoS; RTO; RTT; TCP; congestion control algorithm; data structure; denial-of-service; edge router; flow detection; periodic pattern; server system; traditional flood-based attack; transmission control protocol; Banking; Computer crime; Condition monitoring; Data structures; Helium; History; Internet; Protocols; Scalability; Security;
fLanguage
English
Journal_Title
Communications Letters, IEEE
Publisher
ieee
ISSN
1089-7798
Type
jour
DOI
10.1109/LCOMM.2005.1413635
Filename
1413635
Link To Document