DOI: 10.1145/863955.863966
Article (free access)

Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants

Published: 25 August 2003

Abstract

Denial of Service attacks are presenting an increasing threat to the global inter-networking infrastructure. While TCP's congestion control algorithm is highly robust to diverse network conditions, its implicit assumption of end-system cooperation results in a well-known vulnerability to attack by high-rate non-responsive flows. In this paper, we investigate a class of low-rate denial of service attacks which, unlike high-rate attacks, are difficult for routers and counter-DoS mechanisms to detect. Using a combination of analytical modeling, simulations, and Internet experiments, we show that maliciously chosen low-rate DoS traffic patterns that exploit TCP's retransmission time-out mechanism can throttle TCP flows to a small fraction of their ideal rate while eluding detection. Moreover, as such attacks exploit protocol homogeneity, we study fundamental limits of the ability of a class of randomized time-out mechanisms to thwart such low-rate DoS attacks.




Published In

SIGCOMM '03: Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
August 2003, 432 pages
ISBN: 1581137354
DOI: 10.1145/863955

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

  1. TCP
  2. denial of service
  3. retransmission timeout

Conference: SIGCOMM '03

Acceptance Rates

SIGCOMM '03 Paper Acceptance Rate: 34 of 319 submissions, 11%
Overall Acceptance Rate: 462 of 3,389 submissions, 14%

Article Metrics

  • Downloads (last 12 months): 638
  • Downloads (last 6 weeks): 175

Reflects downloads up to 20 Dec 2024

Cited By
  • (2024) Unveiling the Stealthy Threat: Low-Rate Denial of Service (LDoS) Attacks. Key Issues in Network Protocols and Security [Working Title]. DOI: 10.5772/intechopen.1007425. Online publication date: 25-Nov-2024.
  • (2024) Network Security Challenges and Countermeasures for Software-Defined Smart Grids: A Survey. Smart Cities, 7(4):2131-2181. DOI: 10.3390/smartcities7040085. Online publication date: 2-Aug-2024.
  • (2024) When SDN Meets Low-rate Threats: A Survey of Attacks and Countermeasures in Programmable Networks. ACM Computing Surveys. DOI: 10.1145/3704434. Online publication date: 30-Nov-2024.
  • (2024) Flow Entry Timeout Hopping for SDN Flow Table LDoS Attack Defense. Proceedings of the 2024 2nd International Conference on Internet of Things and Cloud Computing Technology, pp. 369-374. DOI: 10.1145/3702879.3702943. Online publication date: 27-Sep-2024.
  • (2024) F3: Fast and Flexible Network Telemetry with an FPGA coprocessor. Proceedings of the ACM on Networking, 2(CoNEXT4):1-22. DOI: 10.1145/3696397. Online publication date: 25-Nov-2024.
  • (2024) Zoom2Net: Constrained Network Telemetry Imputation. Proceedings of the ACM SIGCOMM 2024 Conference, pp. 764-777. DOI: 10.1145/3651890.3672225. Online publication date: 4-Aug-2024.
  • (2024) Sync-Millibottleneck Attack on Microservices Cloud Architecture. Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, pp. 799-813. DOI: 10.1145/3634737.3644991. Online publication date: 1-Jul-2024.
  • (2024) Adaptive Weight XGBoost: Detecting and Mitigating Low-Rate DoS Attack in Network Slicing. 2024 IEEE Wireless Communications and Networking Conference (WCNC), pp. 1-6. DOI: 10.1109/WCNC57260.2024.10571342. Online publication date: 21-Apr-2024.
  • (2024) CCS: A Cross-Plane Collaboration Strategy to Defend Against LDoS Attacks in SDN. IEEE Transactions on Network and Service Management, 21(3):3522-3536. DOI: 10.1109/TNSM.2024.3363490. Online publication date: Jun-2024.
  • (2024) Flow Interaction Graph Analysis: Unknown Encrypted Malicious Traffic Detection. IEEE/ACM Transactions on Networking, 32(4):2972-2987. DOI: 10.1109/TNET.2024.3370851. Online publication date: Aug-2024.
