• DocumentCode
    3418514
  • Title

    Denial of service detection through TCP congestion window analysis

  • Author

    Alenezi, M. ; Reed, Martin J.

  • Author_Institution
    Sch. of Comput. Sci. & Electron. Eng., Univ. of Essex, Colchester, UK
  • fYear
    2013
  • fDate
    9-12 Dec. 2013
  • Firstpage
    145
  • Lastpage
    150
  • Abstract
    Denial of service is a common attack in the Internet which causes significant problems for both users and service providers. Distributed attack sources can be used to enlarge the attack in case of distributed denial of service (DDoS). Defending against DoS/DDoS attacks generally involves 3 different phases: prevention, detection and response. Detection, the subject of this paper, is one of the key steps in defending against DoS/DDoS attacks as the proper response will be linked to the detection alarm. A good detection technique provides short detection time, low false positive rate, and low computational overhead. This paper presents a novel technique which detects TCP based flooding attacks by using the TCP congestion window which is analysed using the cumulative sum (CUSUM). Network Simulator (NS2) is used to validate the proposed technique.
  • Keywords
    Internet; computer network security; transport protocols; CUSUM; DDoS; Internet; NS2; TCP based flooding attacks; TCP congestion window analysis; cumulative sum; denial of service detection; detection alarm; distributed attack sources; distributed denial of service; network simulator; service providers; user providers; Computer crime; IP networks; Internet; Monitoring; Protocols; Servers; CUSUM; Detection; DoS; Network security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Internet Security (WorldCIS), 2013 World Congress on
  • Conference_Location
    London
  • Type

    conf

  • DOI
    10.1109/WorldCIS.2013.6751036
  • Filename
    6751036