TY - GEN
T1 - A proactive test based differentiation technique to mitigate low rate DoS attacks
AU - Shevtekar, Amey
AU - Ansari, Nirwan
PY - 2007
Y1 - 2007
N2 - Low rate DoS attacks are emerging threats to TCP traffic and VoIP traffic in the Internet. They are hard to detect as they intelligently send attack traffic inside the network to evade current router based congestion control mechanisms. We propose a practical attack model in which botnets that can pose a serious threat to the Internet are considered. Under this model, an attacker can scatter bots across the Internet to launch the low rate DoS attack, thus essentially orchestrating a low rate DoS attack that uses random and continuous IP address spoofing, but with valid legitimate IP addresses. It is difficult to detect and mitigate such an attack. We propose a low rate DoS attack detection algorithm, which relies on the core characteristic of the low rate DoS attack in introducing high rate traffic for short periods, and then uses a proactive test based differentiation technique to filter the attack packets. The proactive test was originally proposed to defend against DDoS attacks and low rate DoS attacks which tend to ignore the normal operation of network protocols, but it is tailored here to differentiate the legitimate traffic from the low rate DoS attack traffic instigated by botnets. It leverages the conformity of legitimate flows, which obey the network protocols. It mainly differentiates legitimate connections by checking their responses to the proactive tests, which include puzzles for distinguishing botnets from human users. We finally evaluate and demonstrate the performance of the proposed low rate DoS attack detection and mitigation algorithm on real Internet traces.
AB - Low rate DoS attacks are emerging threats to TCP traffic and VoIP traffic in the Internet. They are hard to detect as they intelligently send attack traffic inside the network to evade current router based congestion control mechanisms. We propose a practical attack model in which botnets that can pose a serious threat to the Internet are considered. Under this model, an attacker can scatter bots across the Internet to launch the low rate DoS attack, thus essentially orchestrating a low rate DoS attack that uses random and continuous IP address spoofing, but with valid legitimate IP addresses. It is difficult to detect and mitigate such an attack. We propose a low rate DoS attack detection algorithm, which relies on the core characteristic of the low rate DoS attack in introducing high rate traffic for short periods, and then uses a proactive test based differentiation technique to filter the attack packets. The proactive test was originally proposed to defend against DDoS attacks and low rate DoS attacks which tend to ignore the normal operation of network protocols, but it is tailored here to differentiate the legitimate traffic from the low rate DoS attack traffic instigated by botnets. It leverages the conformity of legitimate flows, which obey the network protocols. It mainly differentiates legitimate connections by checking their responses to the proactive tests, which include puzzles for distinguishing botnets from human users. We finally evaluate and demonstrate the performance of the proposed low rate DoS attack detection and mitigation algorithm on real Internet traces.
KW - Low rate DoS
KW - RoQ
KW - TCP
KW - VoIP
UR - http://www.scopus.com/inward/record.url?scp=40949090161&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=40949090161&partnerID=8YFLogxK
U2 - 10.1109/ICCCN.2007.4317889
DO - 10.1109/ICCCN.2007.4317889
M3 - Conference contribution
AN - SCOPUS:40949090161
SN - 9781424412518
T3 - Proceedings - International Conference on Computer Communications and Networks, ICCCN
SP - 639
EP - 644
BT - Proceedings of 16th International Conference on Computer Communications and Networks 2007, ICCCN 2007
T2 - 16th International Conference on Computer Communications and Networks 2007, ICCCN 2007
Y2 - 13 August 2007 through 16 August 2007
ER -