Protecting Internet Services from Low-Rate DoS Attacks

  • Yajuan Tang
  • Xiapu Luo
  • Rocky Chang
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 253)

Feedback control is an important element in the engineering of stable Internet services. However, feedback channels are vulnerable to various Internet attacks. This paper shows analytically that the recently proposed low-rate denial-of-service (DoS) attacks can degrade Internet services by generating intermittent false feedback signals. The effectiveness of the attacks is evaluated using a control-theoretic approach for a general feedback control system and detailed analysis for a specific system. A nonparametric algorithm based on changes in traffic distribution is proposed for detecting attacks.

Keywords: Feedback control, low-rate DoS attacks, detection, countermeasures


Arrival Rate, False Alarm Rate, Admission Rate, Active Queue Management, Attack Period



Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Yajuan Tang (1)
  • Xiapu Luo (2)
  • Rocky Chang (3)

  1. Wuhan University, China
  2. Hong Kong Polytechnic University, Kowloon, China
  3. Department of Computing, Hong Kong Polytechnic University, Kowloon, China
