Abstract
Low-Rate Denial-of-Service (LRDoS) attacks are an emerging threat to the Internet because they can evade detection and defense schemes for flooding-based attacks. LRDoS attacks at the application level are particularly difficult to counteract because they mimic legitimate clients. Although several approaches have been proposed to mitigate LRDoS attacks, they are limited to particular protocols, target systems, or attack patterns, so they are not able to detect this threat at the application level. In this paper, we propose a nonparametric detection algorithm and a hybrid defense system to mitigate LRDoS attacks at the application level. Our extensive experiments have confirmed the effectiveness of the detection and defense system.
This work is supported by the National Natural Science Foundation of China (60903185) and Industry-Universities-Research Institutes Collaboration Foundation of Guangdong (cgzhzd0717).
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tang, Y. (2012). Countermeasures on Application Level Low-Rate Denial-of-Service Attack. In: Chim, T.W., Yuen, T.H. (eds) Information and Communications Security. ICICS 2012. Lecture Notes in Computer Science, vol 7618. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34129-8_7
DOI: https://doi.org/10.1007/978-3-642-34129-8_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34128-1
Online ISBN: 978-3-642-34129-8
eBook Packages: Computer Science (R0)