DocumentCode
3418514
Title
Denial of service detection through TCP congestion window analysis
Author
Alenezi, M. ; Reed, Martin J.
Author_Institution
Sch. of Comput. Sci. & Electron. Eng., Univ. of Essex, Colchester, UK
fYear
2013
fDate
9-12 Dec. 2013
Firstpage
145
Lastpage
150
Abstract
Denial of service is a common attack in the Internet which causes significant problems for both users and service providers. Distributed attack sources can be used to enlarge the attack in case of distributed denial of service (DDoS). Defending against DoS/DDoS attacks generally involves 3 different phases: prevention, detection and response. Detection, the subject of this paper, is one of the key steps in defending against DoS/DDoS attacks as the proper response will be linked to the detection alarm. A good detection technique provides short detection time, low false positive rate, and low computational overhead. This paper presents a novel technique which detects TCP based flooding attacks by using the TCP congestion window which is analysed using the cumulative sum (CUSUM). Network Simulator (NS2) is used to validate the proposed technique.
Keywords
Internet; computer network security; transport protocols; CUSUM; DDoS; Internet; NS2; TCP based flooding attacks; TCP congestion window analysis; cumulative sum; denial of service detection; detection alarm; distributed attack sources; distributed denial of service; network simulator; service providers; user providers; Computer crime; IP networks; Internet; Monitoring; Protocols; Servers; CUSUM; Detection; DoS; Network security;
fLanguage
English
Publisher
ieee
Conference_Titel
Internet Security (WorldCIS), 2013 World Congress on
Conference_Location
London
Type
conf
DOI
10.1109/WorldCIS.2013.6751036
Filename
6751036
Link To Document