Filtering of shrew DDoS attacks in frequency domain
Open Access
- 1 January 2005
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- p. 8 pp.-793
- https://doi.org/10.1109/lcn.2005.70
Abstract
The shrew distributed denial of service (DDoS) attacks are periodic, bursty, and stealthy in nature. They are also known as reduction of quality (RoQ) attacks. Such attacks could be even more detrimental than the widely known flooding DDoS attacks because they damage the victim servers for a long time without being noticed, thereby denying new visitors to the victim servers, which are mostly e-commerce sites. Thus, in order to minimize the huge monetary losses, there is a pressing need to effectively detect such attacks in real-time. Unfortunately, effective detection of shrew attacks remains an open problem. In this paper, we meet this challenge by proposing a new signal processing approach to identifying and detecting the attacks by examining the frequency-domain characteristics of incoming traffic flows to a server. A major strength of our proposed technique is that its detection time is less than a few seconds. Furthermore, the technique entails simple software or hardware implementations, making it easily deployable in a real-life network environment.
This publication has 16 references indexed in Scilit:
- Inferring Internet denial-of-service activity. ACM Transactions on Computer Systems, 2006
- Vanguard: A New Detection Scheme for a Class of TCP-targeted Denial-of-Service Attacks. Published by Institute of Electrical and Electronics Engineers (IEEE), 2006
- Controlling high-bandwidth flows at the congested router. Published by Institute of Electrical and Electronics Engineers (IEEE), 2005
- Reduction of quality (RoQ) attacks on internet end-systems. Published by Institute of Electrical and Electronics Engineers (IEEE), 2005
- A framework for classifying denial of service attacks. Published by Association for Computing Machinery (ACM), 2003
- Low-rate TCP-targeted denial of service attacks. Published by Association for Computing Machinery (ACM), 2003
- Using signal processing to analyze wireless data traffic. Published by Association for Computing Machinery (ACM), 2002
- Multiscale nature of network traffic. IEEE Signal Processing Magazine, 2002
- Differential equations over polynomially bounded o-minimal structures. Proceedings of the American Mathematical Society, 2002
- A non-intrusive, wavelet-based approach to detecting network performance problems. Published by Association for Computing Machinery (ACM), 2001