http://iet.metastore.ingenta.com
1887

Detecting TCP ACK storm attack: a state transition modelling approach

Detecting TCP ACK storm attack: a state transition modelling approach

For access to this article, please select a purchase option:

Buy article PDF
$19.95
(plus tax if applicable)
Buy Knowledge Pack
10 articles for $120.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Name:*
Email:*
Your details
Name:*
Email:*
Department:*
Why are you recommending this title?
Select reason:
 
 
 
 
 
IET Networks — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

Ack-storm DoS attacks are injection attacks against an active Transmission Control Protocol (TCP) connection. These attacks can be generated by a very weak adversary and can generate amplification factor of orders of magnitude by exploiting a weakness in the TCP protocol specification. This attack requires sending two packets by the adversary with acknowledgement number greater than the sequence number used in each direction and the two end hosts will attempt to re-synchronise the sequence numbers by sending duplicate acknowledgement and enter a loop. In this study, the authors propose a state transition model based detection scheme to detect these DoS attacks. This state transition machine called constrained counting automata (CCA) has the ability to count the number of times a state has been revisited and its transitions are constrained by invariant conditions to be satisfied. They model the chances of receiving a packet with acknowledgement number greater than the sequence number used by its peer as a probability distribution and use it to set appropriate value of threshold on revisits of a state for detecting attack. By experimenting within a local network and in Internet, they show that CCA can detect Ack-storm DoS attacks.

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-net.2018.5003
Loading

Related content

content/journals/10.1049/iet-net.2018.5003
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading
This is a required field
Please enter a valid email address