A proactive test based differentiation technique to mitigate low rate DoS attacks

Amey Shevtekar, Nirwan Ansari

Research output: Chapter in Book/Report/Conference proceedingConference contribution

9 Scopus citations

Abstract

Low rate DoS attacks are emerging threats to the TCP traffic, and the VoIP traffic in the Internet. They are hard to detect as they intelligently send attack traffic inside the network to evade current router based congestion control mechanisms. We propose a practical attack model in which botnets that can pose a serious threat to the Internet are considered. Under this model, an attacker can scatter bots across the Internet to launch the low rate DoS attack, thus essentially orchestrating the low rate DoS attack that uses random and continuous IP address spoofing, but with valid legitimate IP addresses. It is difficult to detect and mitigate such an attack. We propose a low rate DoS attack detection algorithm, which relies on the core characteristic of the low rate DoS attack in introducing high rate traffic for short periods, and then uses a proactive test based differentiation technique to filter the attack packets. The proactive test was originally proposed to defend DDoS attacks and low rate DoS attacks which tend to ignore the normal operation of network protocols, but it is tailored here to differentiate the legitimate traffic from the low rate DoS attack traffic instigated by botnets. It leverages on the conformity of legitimate flows, which obey the network protocols. It mainly differentiates legitimate connections by checking their responses to the proactive tests which include puzzles for distinguishing botnets from human users. We finally evaluate and demonstrate the performance of the proposed low rate DoS attack detection and mitigation algorithm on the real Internet traces.

Original languageEnglish (US)
Title of host publicationProceedings of 16th International Conference on Computer Communications and Networks 2007, ICCCN 2007
Pages639-644
Number of pages6
DOIs
StatePublished - 2007
Event16th International Conference on Computer Communications and Networks 2007, ICCCN 2007 - Honolulu, HI, United States
Duration: Aug 13 2007Aug 16 2007

Publication series

NameProceedings - International Conference on Computer Communications and Networks, ICCCN
ISSN (Print)1095-2055

Other

Other16th International Conference on Computer Communications and Networks 2007, ICCCN 2007
CountryUnited States
CityHonolulu, HI,
Period8/13/078/16/07

All Science Journal Classification (ASJC) codes

  • Computer Science(all)

Keywords

  • Low rate DoS
  • RoQ
  • TCP
  • VoIP

Fingerprint Dive into the research topics of 'A proactive test based differentiation technique to mitigate low rate DoS attacks'. Together they form a unique fingerprint.

Cite this