Detecting LDoS attack bursts based on queue distribution

Detecting LDoS attack bursts based on queue distribution

For access to this article, please select a purchase option:

Buy article PDF
(plus tax if applicable)
Buy Knowledge Pack
10 articles for $120.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
IET Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

Low-rate denial of service (LDoS) attacks exploit the congestion control mechanism to degrade the network quality of service. As a classic active queue management algorithm, random early detection (RED) algorithm is widely used to avoid network congestion. However, RED is vulnerable to LDoS attacks. LDoS attacks with well-configured attack parameters force RED queue to fluctuate severely, thereby throttling transmission control protocol (TCP) senders’ sending rate. A feedback control model is proposed to describe the process of the congestion control, by which the congestion window and queue behaviours are analysed combined. After that, a two-dimensional queue distribution model composed of the instantaneous queue and the average queue is designed to extract the attack feature. Moreover then, a combination of a simple distance-based approach and an adaptive threshold algorithm is proposed to detect every LDoS attack burst. Test results of network simulator (NS)-2 simulation and test-bed experiments indicate that the proposed detection strategy can almost completely detect LDoS attack bursts and is especially robust to legitimate short bursts.

Related content

This is a required field
Please enter a valid email address