A Low-Rate DoS Detection Based on Rate Anomalies

  • Conference paper
Applied Informatics and Communication (ICAIC 2011)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 226)

Abstract

Low-rate Denial-of-Service (LDoS) attacks are stealthier and trickier than traditional DDoS attacks. Building on the periodicity and short bursts that characterize LDoS flows, a detection measure against LDoS attacks based on rate anomalies is proposed. In the periods when an attack pulse makes the router packet loss rate abnormal, the rate of the attack flow is large, while at other times the rate of the attack flow is close to 0. Viewed from the periods in which the packet loss is abnormal, the attack flow rate in these periods is far higher than the average rate, while the normal flow rate is lower than the average rate. In this paper, we propose a measure that observes the flow rate in the periods in which the packet loss rate is abnormal and computes the difference between the rate in these periods and the average rate. If the difference is beyond a certain threshold, the flow is treated as malicious and filtered with a corresponding method.

Supported by National Natural Science Foundation of China (Grant No. 61070010), National Science Foundation for Post-doctoral Scientists of China, the Natural Science Foundation of Hubei Province and the Fundamental Research Funds for the Central Universities.
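
The check described in the abstract, as an added Python sketch (not the paper's code). Assumptions not found on this page: the two threshold values, reading "the average rate" as each flow's own mean rate, normalising the difference by that mean, and the constructed sample data.

```python
from statistics import mean

# Assumed parameters: the abstract names "a certain threshold" but gives no values.
LOSS_ABNORMAL = 0.05   # loss rate above this marks a sampling interval as abnormal
DIFF_THRESHOLD = 1.0   # flag when the normalised rate difference exceeds this

def abnormal_intervals(loss_rates, loss_threshold=LOSS_ABNORMAL):
    """Indices of sampling intervals whose router packet-loss rate is abnormal."""
    return [i for i, loss in enumerate(loss_rates) if loss > loss_threshold]

def rate_anomaly(flow_rates, abnormal_idx):
    """(mean rate in abnormal-loss intervals - average rate) / average rate.

    Dividing by the average is an assumption made here so that one threshold
    works for flows of different sizes. Returns 0.0 when undefined.
    """
    if not abnormal_idx or not flow_rates:
        return 0.0
    avg = mean(flow_rates)
    if avg == 0:
        return 0.0          # idle flow: nothing to compare
    burst = mean(flow_rates[i] for i in abnormal_idx)
    return (burst - avg) / avg

def detect_ldos(loss_rates, flows, loss_threshold=LOSS_ABNORMAL,
                diff_threshold=DIFF_THRESHOLD):
    """Return {flow_id: score} for flows whose rate anomaly exceeds the threshold."""
    idx = abnormal_intervals(loss_rates, loss_threshold)
    scores = {fid: rate_anomaly(rates, idx) for fid, rates in flows.items()}
    return {fid: s for fid, s in scores.items() if s > diff_threshold}

# Constructed sample: 20 intervals, loss spikes at intervals 0 and 10.
LOSS = [0.30 if i % 10 == 0 else 0.01 for i in range(20)]
FLOWS = {
    "pulsed":   [10.0 if i % 10 == 0 else 0.0 for i in range(20)],  # bursts with the loss
    "tcp":      [0.5 if i % 10 == 0 else 2.0 for i in range(20)],   # backs off under loss
    "constant": [1.0] * 20,                                         # steady sender
}

if __name__ == "__main__":
    for fid, score in detect_ldos(LOSS, FLOWS).items():
        print(f"{fid}: rate anomaly {score:.2f} -> treat as malicious")
```

Only the pulsed flow is flagged: the flow that backs off under loss scores negative and the constant-rate flow scores zero, matching the contrast the abstract draws between attack and normal flows.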


Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wu, L., Cheng, J., He, Y., Xu, A., Wen, P. (2011). A Low-Rate DoS Detection Based on Rate Anomalies. In: Zhang, J. (eds) Applied Informatics and Communication. ICAIC 2011. Communications in Computer and Information Science, vol 226. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23235-0_25

  • DOI: https://doi.org/10.1007/978-3-642-23235-0_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-23234-3

  • Online ISBN: 978-3-642-23235-0

  • eBook Packages: Computer Science (R0)
