DocumentCode :
1788583
Title :
The NewShrew attack: A new type of low-rate TCP-Targeted DoS attack
Author :
Jingtang Luo ; Xiaolong Yang
Author_Institution :
Sch. of Commun. & Inf. Eng., Univ. of Electron. Sci. & Technol. of China, Chengdu, China
fYear :
2014
fDate :
10-14 June 2014
Firstpage :
713
Lastpage :
718
Abstract :
Distributed Denial of Service (DDoS) attacks have become one of the major threats to the Internet. Traditional brute-force, high-rate DDoS attacks expose many obvious anomalous features to defense systems, so they can be easily detected and mitigated. In this paper we propose a new type of low-rate TCP-targeted DoS attack, called NewShrew, which exploits deficiencies in TCP's timeout mechanism and slow start mechanism. This attack can significantly degrade TCP throughput while evading DoS prevention systems, because it inconspicuously consumes only a small part of the network capacity. We use theoretical analysis and numerical simulations to demonstrate the effectiveness of the attack under different RTT heterogeneity, TCP variants, and network environments. We reveal the interactions among the attack parameters and the trade-offs between throughput degradation and attack cost. Moreover, we empirically show that NewShrew outperforms the classical Shrew DoS attack: its average attack rate is lower (by 47.82% on average), its attack efficiency (the ratio between the throughput degradation inflicted by an attack and the attack's average attack rate) is higher (by 45.79% on average), and it inflicts higher throughput degradation (by 11.54% on average) after a typical defense mechanism, RTO randomization, is deployed. Our work exposes the TCP slow start mechanism as a new possible vulnerability to adversarial attacks, and hence opens a new avenue for improving the resilience of TCP.
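The abstract names the two ingredients a low-rate TCP-targeted attack relies on: a victim whose losses are repaired only after a retransmission timeout (RTO) with exponential backoff, and an attacker whose periodic bursts are timed so that every backed-off retransmission lands in the next burst. The following is an added toy model, not code or a model from the paper, of the classical Shrew mechanism the paper compares against, together with the RTO randomization defense the abstract mentions; it does not model the NewShrew-specific use of slow start, which the page does not describe. All parameter values (a 1 s burst period, a 100 ms burst, a 50 ms RTT, a 500 ms sender start offset, a 0..200 ms RTO jitter, and a 64 s backoff cap) are assumptions chosen for illustration.

```python
"""Toy model of an RTO-synchronised low-rate (Shrew-style) TCP DoS attack.

Constructed illustration, not code or a model from the paper. Times are
integers in milliseconds so every comparison is exact. One TCP sender emits a
segment every RTT; the attacker emits a square-wave burst of burst_ms every
period_ms. A segment sent while the burst is active is dropped (the bottleneck
queue is assumed full for the whole burst), and the sender retransmits only
after its RTO, doubling the RTO on each consecutive loss (RFC 6298 style
exponential backoff with a 1 s minimum and an assumed 64 s cap). With a burst
period of 1 s, every backed-off retransmission (1 s, 2 s, 4 s, ...) lands
inside a burst, so the flow is starved for a tiny average attack rate.
"""
import random

MIN_RTO_MS = 1000    # RFC 6298 recommends a 1 s minimum RTO
MAX_RTO_MS = 64000   # assumed cap on exponential backoff
MAX_BACKOFF = MAX_RTO_MS // MIN_RTO_MS


def burst_active(t_ms, period_ms, burst_ms):
    """True if the attacker's burst is on the wire at time t_ms."""
    return burst_ms > 0 and (t_ms % period_ms) < burst_ms


def simulate(duration_ms=60000, rtt_ms=50, period_ms=1000, burst_ms=100,
             rto_jitter_ms=0, start_ms=500, seed=1):
    """Return the victim's goodput as a fraction of its attack-free goodput.

    rto_jitter_ms > 0 models RTO randomisation: each timeout adds a uniformly
    random 0..rto_jitter_ms to the base RTO before the backoff multiplier.
    With jitter 0 the RTO is deterministic and the attack stays synchronised.
    """
    rng = random.Random(seed)
    t = start_ms           # first segment leaves at start_ms (assumed)
    backoff = 1            # exponential backoff multiplier
    sent_ok = 0
    while t < duration_ms:
        if burst_active(t, period_ms, burst_ms):
            # Loss: idle for one RTO, then double the RTO for the next loss.
            rto = backoff * (MIN_RTO_MS + rng.randint(0, rto_jitter_ms))
            t += min(rto, MAX_RTO_MS)
            backoff = min(backoff * 2, MAX_BACKOFF)
        else:
            sent_ok += 1   # delivered; a successful send resets the backoff
            backoff = 1
            t += rtt_ms
    baseline = len(range(start_ms, duration_ms, rtt_ms))  # sends with no attack
    return sent_ok / baseline


def average_attack_rate(period_ms, burst_ms, burst_rate=1.0):
    """Attacker's mean sending rate as a fraction of link capacity, assuming it
    bursts at burst_rate (1.0 = full link) for burst_ms out of every period_ms."""
    return burst_rate * burst_ms / period_ms


def attack_efficiency(goodput_fraction, avg_attack_rate):
    """The abstract's metric: throughput degradation per unit of average attack rate."""
    return (1.0 - goodput_fraction) / avg_attack_rate


if __name__ == "__main__":
    rate = average_attack_rate(1000, 100)
    for label, jitter in (("fixed 1 s RTO", 0), ("RTO randomised +0..200 ms", 200)):
        g = simulate(rto_jitter_ms=jitter)
        print(f"{label:28s} goodput={g:.3f}  attack rate={rate:.2f}  "
              f"efficiency={attack_efficiency(g, rate):.2f}")
```

With a fixed 1 s RTO the victim delivers only the segments sent before the first burst and then never recovers, while the attacker occupies the link for 10% of the time on average. Adding jitter to the RTO breaks the synchronisation, so a retransmission often falls outside the burst and goodput recovers substantially; the abstract's claim is that NewShrew retains more of its effect under this defense than Shrew does, which this Shrew-only model cannot show.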
Keywords :
Internet; computer network security; numerical analysis; transport protocols; DDoS attack; DoS prevention systems; Internet; NewShrew; RTO randomization; RTT heterogeneity; TCP timeout mechanism; TCP variant; attack cost; defense mechanism; distributed denial of service attack; low-rate TCP-targeted DoS attack; network capacity; network environment; newshrew attack; numerical simulations; slow start mechanism; theoretical analysis; throughput degradation; Bandwidth; Computer crime; Degradation; Delays; Information systems; Throughput; Tuning; Denial of Service; TCP slow start; low-rate attack;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
2014 IEEE International Conference on Communications (ICC)
Conference_Location :
Sydney, NSW
Type :
conf
DOI :
10.1109/ICC.2014.6883403
Filename :
6883403