A DiffServ Policy based approach for improved Shrew Attack Protection

Shrew attack which causes TCP flows to attain zero throughput or a session reset by sending a very short bursts of attack pulses synchronized with TCP retransmission timeout value and makes the TCP packets to be dropped every time during TCP retransmission timeout. It creates a false congestion at the bottleneck links / routers. The Shrew attack can send packets either to non TCP ports or to TCP ports. There is no existing system which defends the attacks on protected ports, multiple and distributed shrew attacks, efficiently. In this paper, we propose an improved Shrew Attack Protection System (iSAP) for protecting the TCP flows from attack on both protected and unprotected ports. This system is based on a newly developed DiffServ Policy which ensures identification of shrew attack flows, preferential treatment and priority scheduling of TCP flows and other unresponsive flows. The simulation results show that legitimate TCP flows and other unresponsive flows attain their high bandwidth shares in the event of Shrew Attack in various forms. This system is developed as a new DiffServ Policy which makes easy to deploy in any DiffServ enabled bottleneck routers.