By Topic

A Proactive Test Based Differentiation Technique to Mitigate Low Rate DoS Attacks

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Amey Shevtekar ; Advanced Networking Laboratory, Department of Electrical and Computer Engineering, New Jersey Institute of Technology, Newark, NJ 07102, USA ; Nirwan Ansari

Low rate DoS attacks are emerging threats to the TCP traffic, and the VoIP traffic in the Internet. They are hard to detect as they intelligently send attack traffic inside the network to evade current router based congestion control mechanisms. We propose a practical attack model in which botnets that can pose a serious threat to the Internet are considered. Under this model, an attacker can scatter bots across the Internet to launch the low rate DoS attack, thus essentially orchestrating the low rate DoS attack that uses random and continuous IP address spoofing, but with valid legitimate IP addresses. It is difficult to detect and mitigate such an attack. We propose a low rate DoS attack detection algorithm, which relies on the core characteristic of the low rate DoS attack in introducing high rate traffic for short periods, and then uses a proactive test based differentiation technique to filter the attack packets. The proactive test was originally proposed to defend DDoS attacks and low rate DoS attacks which tend to ignore the normal operation of network protocols, but it is tailored here to differentiate the legitimate traffic from the low rate DoS attack traffic instigated by botnets. It leverages on the conformity of legitimate flows, which obey the network protocols. It mainly differentiates legitimate connections by checking their responses to the proactive tests which include puzzles for distinguishing botnets from human users. We finally evaluate and demonstrate the performance of the proposed low rate DoS attack detection and mitigation algorithm on the real Internet traces.

Published in:

Computer Communications and Networks, 2007. ICCCN 2007. Proceedings of 16th International Conference on

Date of Conference:

13-16 Aug. 2007