Sciweavers

CN
2006

Distributed mechanism in detecting and defending against the low-rate TCP attack

13 years 11 months ago
Distributed mechanism in detecting and defending against the low-rate TCP attack
In this paper, we consider a distributed mechanism to detect and to defend against the low-rate TCP attack. The low-rate TCP attack is a recently discovered attack. In essence, it is a periodic short burst that exploits the homogeneity of the minimum retransmission timeout (RTO) of TCP flows and forces all affected TCP flows to backoff and enter the retransmission timeout state. When these affected TCP flows timeout and retransmit their packets, the low-rate attack will again send a short burst to force these affected TCP flows to enter RTO again. Therefore these affected TCP flows may be entitled to zero or very low transmission bandwidth. This sort of attack is difficult to identify due to a large family of attack patterns. We propose a distributed detection mechanism to identify the lowrate attack. In particular, we use the "dynamic time warping" approach to robustly and accurately identify the existence of the low-rate attack. Once the attack is detected, we use a fair re...
Haibin Sun, John C. S. Lui, David K. Y. Yau
Added 11 Dec 2010
Updated 11 Dec 2010
Type Journal
Year 2006
Where CN
Authors Haibin Sun, John C. S. Lui, David K. Y. Yau
Comments (0)