Title :
The detection of low-rate denial-of-service attack based on feature extraction and analysis at congestion times
Author :
Yu, Feng ; Li, Gang ; Cui, Ming
Author_Institution :
Network Center, Shenyang Jianzhu Univ., Shenyang, China
Abstract :
Low-rate denial-of-service Attack takes effect by exploiting the vulnerability of the adaptive behaviours exhibited by network protocols.lt aims at substantially decreasing the throughput of victims by sending periodical low-rate pulse,which affects TCP flows to back off and enter the retransmission timeout state.lt is hard to identify or defend due to its low-rated character. The paper analyzes the principles of attack and the deficiency of existing methods.We extract two basic signatures of LDoS Attack and propose a mechanism to detect and filter the malicious flow.Our experiments indicate that this mechanism can effictively detect the malicious flow in simulation.lt can reduce false positives of LDoS Attack detection schemes and increase the throughput of the routers.
Keywords :
computer network security; telecommunication congestion control; telecommunication traffic; transport protocols; LDoS attack detection scheme; TCP flow; congestion times; feature extraction; low-rate denial-of-service attack; network protocol; periodical low-rate pulse; retransmission timeout state; Adaptive systems; Bandwidth; Computer crime; Feature extraction; Jitter; Throughput; LDoS; attack; congestion; malicious;
Conference_Titel :
Electrical and Control Engineering (ICECE), 2011 International Conference on
Conference_Location :
Yichang
Print_ISBN :
978-1-4244-8162-0
DOI :
10.1109/ICECENG.2011.6057838
