Filtering of shrew DDoS attacks in frequency domain

Chen, Yu; Hwang, Kai; Kwok, Yue Kuen

doi:10.1109/lcn.2005.70

Cited by 42 publications

(41 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Yu Chen et al [95][96] on the other hand have done elaborate study of Low-rate DDoS attacks or Shrew attacks. In this paper a novel approach has been proposed that filters shrew attacks by analyzing the amplitude spectrum distribution in the frequency domain.…”

Section: Spectral and Wavelets Based Detection Techniquesmentioning

confidence: 99%

Study of Self-Similarity for Detection of Rate-based Network Anomalies

Kaur¹,

Saxena²,

Gupta³

2017

IJSIA

View full text Add to dashboard Cite

show abstract

Section: Spectral and Wavelets Based Detection Techniquesmentioning

confidence: 99%

Study of Self-Similarity for Detection of Rate-based Network Anomalies

Kaur¹,

Saxena²,

Gupta³

2017

IJSIA

View full text Add to dashboard Cite

show abstract

“…Among the works proposed to mitigate the Shrew attacks are using Active Queue Management (AQM) (Aleksandra and Knightly, 2003), taking drop history of each flow into account (Mahajan et al, 2001), randomizing the fixed minimum RTO in TCP parameter in to make the synchronized attack more difficult, router-based detection using auto-correlation, fair resource allocation, detection at edge routers, halting anomaly with weighted choking, frequency domain spectrum analysis, wavelet-based approach, Shrew attack protection techniques based on signal analysis (Yu, Kai and Yu-Kwong, 2005), (Xiapu and Chang, 2005) and simple priority-tagging filtering mechanism (Chang et al, 2009). …”

Section: Low Rate Dos Attack Against Application Servers (Lordas)mentioning

confidence: 99%

Flooding Distributed Denial of Service Attacks-A Review

Ghazali

Hassan

2011

Journal of Computer Science

View full text Add to dashboard Cite

Problem statement: Flaws either in users' implementation of a network or in the standard specification of protocols has resulted in gaps that allow various kinds of network attack to be launched. Of the kinds of network attacks, denial-of-service flood attacks have caused the most severe impact. Approach: This study reviews recent researches on flood attacks and their mitigation, classifying such attacks as either high-rate flood or low-rate flood. Finally, the attacks are compared against criteria related to their characteristics, methods and impacts. Results: Denial-of-service flood attacks vary in their rates, traffic, targets, goals and impacts. However, they have general similarities that are the methods used are flooding and the main purpose is to achieve denial of service to the target. Conclusion/Recommendations: Mitigation of the denial-of-service flood attacks must correspond to the attack rates, traffic, targets, goals and impacts in order to achieve effective solution.

show abstract

“…The Internet research community has recognized the efficacy of using digital signal processing (DSP) techniques to detect DDoS attacks [5], [6], [7], [12], and [17]. These technologies sample the number of packet arrivals periodically and treated it as a time domain signal series.…”

Section: Related Workmentioning

confidence: 99%

“…We suggested to filter shrew attack flows by focusing on the extraordinary high energy allocated at the low frequency band [5]. Sun et al [24] also proposed to extract the signature of low-rate attack streams through analyzing the PSD of the autocorrelation sequence.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Spectral Analysis of TCP Flows for Defense Against Reduction-of-Quality Attacks

Chen

Hwang

2007

2007 IEEE International Conference on Communications

View full text Add to dashboard Cite

-The RoQ (Reduction-of-Quality) attacks are lowrate DDoS attacks that degrade the QoS to end systems stealthily but not to deny the services completely. These attacks are more difficult to detect than the flooding DDoS attacks. This paper explores the energy distributions of Internet traffic flows in frequency domain. Normal TCP traffic flows present periodicity because of protocol behavior. Our results reveal that normal TCP flows can be segregated from malicious flows according to energy distribution properties. We discover the spectral shifting of attack flows from that of normal flows. Combining flow-level spectral analysis with sequential hypothesis testing, we propose a novel defense scheme against RoQ attacks. Our detection and filtering scheme can effectively rescue 99% legitimate TCP flows under the RoQ attacks.

show abstract

Filtering of shrew DDoS attacks in frequency domain

Cited by 42 publications

References 18 publications

Study of Self-Similarity for Detection of Rate-based Network Anomalies

Study of Self-Similarity for Detection of Rate-based Network Anomalies

Flooding Distributed Denial of Service Attacks-A Review

Spectral Analysis of TCP Flows for Defense Against Reduction-of-Quality Attacks

Contact Info

Product

Resources

About