RT Journal Article
A1 Neminath Hubballi
A1 Jonathan Santini

PB iet
T1 Detecting TCP ACK storm attack: a state transition modelling approach
JN IET Networks
VO 7
IS 6
SP 429
OP 434
AB Ack-storm DoS attacks are injection attacks against an active Transmission Control Protocol (TCP) connection. These attacks can be generated by a very weak adversary and can generate an amplification factor of orders of magnitude by exploiting a weakness in the TCP protocol specification. The attack requires the adversary to send two packets with an acknowledgement number greater than the sequence number used in each direction; the two end hosts then attempt to re-synchronise the sequence numbers by sending duplicate acknowledgements and enter a loop. In this study, the authors propose a state transition model based detection scheme to detect these DoS attacks. This state transition machine, called constrained counting automata (CCA), has the ability to count the number of times a state has been revisited, and its transitions are constrained by invariant conditions to be satisfied. They model the chances of receiving a packet with an acknowledgement number greater than the sequence number used by its peer as a probability distribution and use it to set an appropriate threshold value on revisits of a state for detecting the attack. By experimenting within a local network and on the Internet, they show that CCA can detect Ack-storm DoS attacks.
K1 ack-storm DoS attacks
K1 active Transmission Control Protocol connection
K1 acknowledgement number
K1 state transition model
K1 state transition machine
K1 TCP ACK storm attack
K1 injection attacks
K1 TCP protocol specification
K1 sequence number
K1 detecting attack
K1 weak adversary
DO https://doi.org/10.1049/iet-net.2018.5003
UL https://digital-library.theiet.org/content/journals/10.1049/iet-net.2018.5003
LA English
SN 2047-4954
YR 2018
OL EN