Title :
Defense against low-rate TCP-targeted denial-of-service attacks
Author :
Yang, Guang ; Gerla, Mario ; Sanadidi, M.Y.
Author_Institution :
Dept. of Comput. Sci., California Univ., Los Angeles, CA, USA
fDate :
28 June-1 July 2004
Abstract :
Low-rate TCP-targeted denial-of-service (DoS) attacks aim at the fact that most operating systems in use today have a common base TCP retransmission timeout (RTO) of 1 sec. An attacker injects periodic bursts of packets to fill the bottleneck queue and forces TCP connections to timeout with near-zero throughput. This work proposes randomization on TCP RTO as defense against such attacks. With RTO randomization, an attacker cannot predict the next TCP timeout and consequently cannot inject the burst at the exact instant. An analytic performance model on the throughput of randomized TCP is developed and validated. Simulation results show that randomization can effectively mitigate the impact of such DoS attacks while maintaining fairness and friendliness to other connections.
Keywords :
Internet; packet radio networks; queueing theory; transport protocols; DoS; RTO; bottleneck queue; defense; denial-of-service attacks; low-rate TCP; randomization; retransmission timeout; Buffer overflow; Clocks; Collaborative work; Computer crime; Computer science; Frequency; Neck; Operating systems; Performance analysis; Throughput;
Conference_Titel :
Computers and Communications, 2004. Proceedings. ISCC 2004. Ninth International Symposium on
Print_ISBN :
0-7803-8623-X
DOI :
10.1109/ISCC.2004.1358428
