Low-rate TCP-targeted denial of service attacks

Kuzmanovic, Aleksandar; Knightly, Edward W.

doi:10.1145/863965.863966

Cited by 246 publications

(266 citation statements)

References 23 publications

Supporting

Mentioning

259

Contrasting

Unclassified

Order By: Relevance

“…Attack Packet Rate In MANETs, the attack packet rate required to launch DoS or DDoS attacks may be much lower [24]. Firstly, the targeted mobile node is more resource restricted, requiring lower attack packet rate to exhaust its resources (e.g., bandwidth consumption attack).…”

Section: Review Of Factorsmentioning

confidence: 99%

“…In summary, to maximize the usage of allocated space while avoiding insufficient marking, it is recommended that p and K be set according to equation K = p * d est , where d est denotes the estimated path length in a specific MANET. Low Packet Rate γ: the packet rate γ will be small in cases, such as low rate DoS attacks [24], In Figure 6(e) and (f), we show the impact of the attack packet rate on traceability when K = 4 and p = 0.5. For comparison, we also show the simulation result of PPM scheme on the same traces.…”

Section: Simulation Settingsmentioning

confidence: 99%

See 1 more Smart Citation

AK-PPM: An Authenticated Packet Attribution Scheme for Mobile Ad Hoc Networks

Hsu

Chen

et al. 2012

Research in Attacks, Intrusions, and Defenses

View full text Add to dashboard Cite

Abstract. Packet traceback in mobile ad hoc networks (MANETs) is a technique for identifying the source and intermediaries of a packet forwarding path. While many IP traceback techniques have been introduced for packet attribution in the Internet, they are not directly applicable in MANETs due to unique challenges of MANET environments. In this work, we make the first effort to quantitatively analyze the impacts of node mobility, attack packet rate, and path length on the traceability of two types of well-known IP traceback schemes: probabilistic packet marking (PPM) and hash-based logging. We then present the design of an authenticated K-sized Probabilistic Packet Marking (AK-PPM) scheme, which not only improves the effectiveness of source traceback in the MANET environment, but also provides authentication for forwarding paths. We prove that AK-PPM can achieve asymptotically one-hop precise, and present the performance measurement of AK-PPM in MANETs with both analytical models and simulations.

show abstract

Section: Review Of Factorsmentioning

confidence: 99%

Section: Simulation Settingsmentioning

confidence: 99%

AK-PPM: An Authenticated Packet Attribution Scheme for Mobile Ad Hoc Networks

Hsu

Chen

et al. 2012

Research in Attacks, Intrusions, and Defenses

View full text Add to dashboard Cite

show abstract

“…More importantly, in this paper, we have focused on the harder-to-detect, low-intensity attacks, i.e., with modest aggressiveness compared to the aggressiveness required for DoS attacks. On the other hand, the "shrew" attack proposed in [28] is an example of a low-intensity, harder to detect attack which targets a set of flows to cause them to timeout. Clearly, the scope of shrew attacks is limited to targeting TCP flows which employ the timeout mechanism.…”

Section: Roq Versus Other Attacksmentioning

confidence: 99%

Adversarial exploits of end-systems adaptation dynamics

Guirguis

Bestavros

Matta

et al. 2007

Journal of Parallel and Distributed Computing

View full text Add to dashboard Cite

Internet end-systems employ various adaptation mechanisms that enable them to respond adequately to legitimate requests in overload situations. Today, these mechanisms are incorporated in most scalable end-systems through the use of one or more component subsystems such as admission controllers, traffic shapers, content transcoders, QoS Controllers, and load balancers. While the design of these components has been heavily investigated and significantly fine-tuned for efficiency and scalability purposes, the security implication of the adaptation mechanisms used in these components has not been on the radar to system designers. To that end, this paper exposes adversarial exploits of the dynamics that result from the adaptive nature of these components. We show that a well orchestrated Reduction of Quality (RoQ) attack could induce significant inefficiencies or reduce the service quality of end-systems, without resorting to brute-force Denial-of-Service (DoS) exploits that target the limited steady-state capacity of these end-systems. We present a general analytical framework that captures the effect of RoQ exploits on the underlying optimization process of the adaptation mechanisms. Using detailed models, we instantiate this general framework for some of the aforementioned end-system adaptation mechanisms, focusing on admission controllers and load balancers. Our exposition is supported with numerical solutions of analytical models, which are validated using results from detailed simulations, and measurements from real Internet experiments performed in our lab.

show abstract

“…Unfortunately, while finding effective solutions to combat DoS attacks has baffled researchers for years, an even more detrimental type of network-based attack has recently been identified [3]. This special class of attack is referred to as low-rate TCP-targeted DoS attack or shrew attack [3] that denies bandwidth resources to legitimate TCP flows in a stealthy manner.…”

Section: Introductionmentioning

confidence: 99%

“…This special class of attack is referred to as low-rate TCP-targeted DoS attack or shrew attack [3] that denies bandwidth resources to legitimate TCP flows in a stealthy manner. Indeed, unlike traditional DoS attacks, which are easy to detect by observing that the victim site is totally unable to respond, a shrew attack is very difficult to detect [3] because the adverse effects on well-behaved network connections are not easily observable.…”

Section: Introductionmentioning

confidence: 99%