Low-High Burst: A Double Potency Varying-RTT Based Full-Buffer Shrew Attack Model

Wang, Minxiao; Wu, Zhijun

doi:10.1109/tdsc.2019.2948167

Cited by 9 publications

(3 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…During this period, the window is in the steady phase. As cwnd is not less than cwnd tcp , the window follows the cubic function increment from 39 to 50, which agrees with the theoretical value calculated by (15). In addition, Fig.…”

Section: A Verification Of Attack Modelssupporting

confidence: 88%

See 1 more Smart Citation

High-Potency Models of LDoS Attack Against CUBIC + RED

Wu²,

Wang³

2021

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

A TCP-targeted low-rate denial of service (LDoS) attack exploits the vulnerabilities of TCP congestion control mechanism. The most widely used TCP congestion control algorithm, CUBIC, increases the resilience to LDoS. This paper explores high-potency patterns of LDoS attacks against CUBIC TCP under the RED queue management scenario, and develops two attack models, the D-and Smodels to maximize attack potency (i.e., the damage-to-cost ratio). Theoretical analyses and extensive experiments are conducted to validate the proper function of the models and evaluate their performance. Test results show that the models can effectively throttle CUBIC TCP throughput. Under standard-configured network parameters, one attack unit can damage up to about 21 and 26 TCP units for the D-and S-models, respectively, which represents an increase in attack potency about 20%. The attack potencies of our proposed models are at least 250% greater than that of the traditional attack model. In addition, with variations in different network parameters, these two models are still efficient and alternatively maximize the attack potency. Finally, attack countermeasures are outlined. The present study offers a basis to explore new attack manners which may be exploited by attackers and inspires researchers to develop new measurements against such attack.

show abstract

Section: A Verification Of Attack Modelssupporting

confidence: 88%

“…2)As the RED algorithm does not make the router buffer full, the traditional full-buffer LDoS attack is no longer applicable [15].…”

Section: Introductionmentioning

confidence: 99%

High-Potency Models of LDoS Attack Against CUBIC + RED

Wu²,

Wang³

2021

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

show abstract

“…This attack was first idealized by Guirguis et al in [37] and subsequently improved by Yue et al in [38] and [39]. The aim is to send high-rate traffic bursts only after the queue router buffer is full.…”

Section: ) Full-buffer Shrew Attackmentioning

confidence: 99%

Detection and Mitigation of Low-Rate Denial-of-Service Attacks: A Survey

et al. 2022

View full text Add to dashboard Cite

The potential for being the target of Denial of Service (DoS) attacks is one of the most severe security threats on the Internet. Attackers have been modifying their attack format over the years, damaging specific conditions of operating systems and protocols in an attempt to deny or diminish the quality of the service provided to legitimate users. Nowadays, attacks are stealthier and mimic legitimate user traffic in such a way that detection mechanisms against High-rate DoS attacks are no longer sufficient. This evolving type of attack, known as LDoS (Low-rate Denial of Service) attacks, has the potential to produce more damage than its predecessor due to its stealth nature and the lack of suitable detection and defense methods. This survey summarizes and complements previous studies and surveys related to this specific type of attack. First, we propose a taxonomy of the LDoS attacks, which were divided into three broad categories based on their modus operandi: QoS attacks, Slow rate attacks, and Service queue attacks. Next, we detail numerous detection mechanisms and counter-measures available against eight types of LDoS attacks. More specifically, we describe the methods used to throttle the attack traffic. Finally, we provide a feature comparison table for some existing attack tools. This survey aims at providing an extensive review of the literature for helping researchers and network administrators find up-to-date knowledge on LDoS attacks.

show abstract