Spectral analysis of TCP flows for defense against Reduction-of-Quality attacks

Cited by: 25
Authors
Chen, Yu [2]
Hwang, Kai [1]
Affiliations
[1] Univ Southern Calif, Internet & Grid Comp Lab, Los Angeles, CA 90089 USA
[2] SUNY Binghamton, Binghamton, NY 13902 USA
Source
2007 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS, VOLS 1-14 | 2007
Funding
National Science Foundation (USA);
Keywords
network security; low-rate DDoS attacks; RoQ attacks; digital signal processing; spectral analysis;
DOI
10.1109/ICC.2007.204
Chinese Library Classification
TM [Electrical engineering]; TN [Electronic technology, communication technology];
Discipline classification code
0808 ; 0809 ;
Abstract
RoQ (Reduction-of-Quality) attacks are low-rate DDoS attacks that stealthily degrade the QoS delivered to end systems without denying service completely. These attacks are more difficult to detect than flooding DDoS attacks. This paper explores the energy distributions of Internet traffic flows in the frequency domain. Normal TCP traffic flows present periodicity because of protocol behavior. Our results reveal that normal TCP flows can be segregated from malicious flows according to energy distribution properties. We discover the spectral shifting of attack flows from that of normal flows. Combining flow-level spectral analysis with sequential hypothesis testing, we propose a novel defense scheme against RoQ attacks. Our detection and filtering scheme can effectively rescue 99% of legitimate TCP flows under RoQ attacks.
Pages: 1203 / +
Page count: 2