Sciweavers

ICC
2007
IEEE

Spectral Analysis of TCP Flows for Defense Against Reduction-of-Quality Attacks

14 years 5 months ago
Spectral Analysis of TCP Flows for Defense Against Reduction-of-Quality Attacks
Abstract - The RoQ (Reduction-of-Quality) attacks are lowrate DDoS attacks that degrade the QoS to end systems stealthily but not to deny the services completely. These attacks are more difficult to detect than the flooding DDoS attacks. This paper explores the energy distributions of Internet traffic flows in frequency domain. Normal TCP traffic flows present periodicity because of protocol behavior. Our results reveal that normal TCP flows can be segregated from malicious flows according to energy distribution properties. We discover the spectral shifting of attack flows from that of normal flows. Combining flow-level spectral analysis with sequential hypothesis testing, we propose a novel defense scheme against RoQ attacks. Our detection and filtering scheme can effectively rescue 99% legitimate TCP flows under the RoQ attacks.
Yu Chen, Kai Hwang
Added 02 Jun 2010
Updated 02 Jun 2010
Type Conference
Year 2007
Where ICC
Authors Yu Chen, Kai Hwang
Comments (0)