TCP Low Rate DDoS Attack Detection

Document Type : Original Article

Author

Iran University of Science and Technology, Tehran, Iran

Abstract

Distributed denial of service (DDoS) is undoubtedly one of the more significant attacks on computer networks. DDoS attacks can be divided into two groups: high rate attacks and low rate attacks. In a high rate DDoS attack, the attacker tries to use all of the bandwidth available on the channel by saturating it with packets. In a low rate DDoS attack (also known as LDDoS), the attacker conducts the attack while maintaining a low average transmission rate. TCP LDDoS is a low rate DDoS attack in which the attacker takes advantage of the way TCP handles congestion. In this article, we examine a system for stopping TCP LDDoS attacks and propose a new approach. We offer several observations that help distinguish legitimate behavior from an attack. Our system produces a priority queue of flows, in which high-priority flows are considered valid and low-priority flows are considered suspect. We evaluate the proposed system in the NS2 simulation environment. The results demonstrate that the proposed approach can accurately distinguish attack flows from genuine flows.
