Title :
Denial of service detection through TCP congestion window analysis
Author :
Alenezi, M. ; Reed, Martin J.
Author_Institution :
Sch. of Comput. Sci. & Electron. Eng., Univ. of Essex, Colchester, UK
Abstract :
Denial of service is a common attack on the Internet that causes significant problems for both users and service providers. Distributed attack sources can be used to enlarge the attack, as in the case of distributed denial of service (DDoS). Defending against DoS/DDoS attacks generally involves 3 different phases: prevention, detection and response. Detection, the subject of this paper, is one of the key steps in defending against DoS/DDoS attacks, as the proper response will be linked to the detection alarm. A good detection technique provides short detection time, low false positive rate, and low computational overhead. This paper presents a novel technique which detects TCP-based flooding attacks by using the TCP congestion window, which is analysed using the cumulative sum (CUSUM). Network Simulator (NS2) is used to validate the proposed technique.
Keywords :
Internet; computer network security; transport protocols; CUSUM; DDoS; Internet; NS2; TCP based flooding attacks; TCP congestion window analysis; cumulative sum; denial of service detection; detection alarm; distributed attack sources; distributed denial of service; network simulator; service providers; user providers; Computer crime; IP networks; Internet; Monitoring; Protocols; Servers; CUSUM; Detection; DoS; Network security;
Conference_Title :
Internet Security (WorldCIS), 2013 World Congress on
Conference_Location :
London
DOI :
10.1109/WorldCIS.2013.6751036