
Detecting LDoS attack bursts based on queue distribution
Author(s) - Yue Meng, Wu Zhijun, Wang Jingjie
Publication year - 2019
Publication title - IET Information Security
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.308
H-Index - 34
eISSN - 1751-8717
pISSN - 1751-8709
DOI - 10.1049/iet-ifs.2018.5097
Subject(s) - active queue management, network congestion, computer science, denial of service attack, queue, random early detection, computer network, bandwidth throttling, real time computing, network packet, engineering, the internet, mechanical engineering, world wide web, gas compressor
Low‐rate denial of service (LDoS) attacks exploit the congestion control mechanism to degrade the network quality of service. As a classic active queue management algorithm, the random early detection (RED) algorithm is widely used to avoid network congestion. However, RED is vulnerable to LDoS attacks. LDoS attacks with well‐configured attack parameters force the RED queue to fluctuate severely, thereby throttling the sending rate of transmission control protocol (TCP) senders. A feedback control model is proposed to describe the congestion control process, by which the congestion window and queue behaviours are analysed in combination. After that, a two‐dimensional queue distribution model composed of the instantaneous queue and the average queue is designed to extract the attack feature. Then, a combination of a simple distance‐based approach and an adaptive threshold algorithm is proposed to detect every LDoS attack burst. Test results of network simulator (NS)‐2 simulation and test‐bed experiments indicate that the proposed detection strategy can almost completely detect LDoS attack bursts and is especially robust to legitimate short bursts.