Defense against low-rate TCP-targeted denial-of-service attacks

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Guang Yang Articles by M. Gerla Articles by M.Y. Sanadidi

Ninth IEEE Symposium on Computers and Communications 2004 Volume 1 (ISCC'04)

Alexandria, Egypt

June 28-July 01

ISBN: 0-7803-8623-X

	ASCII Text	x
	Guang Yang, M. Gerla, M.Y. Sanadidi, "Defense against low-rate TCP-targeted denial-of-service attacks," Computers and Communications, IEEE Symposium on, vol. 1, pp. 345-350, Ninth IEEE Symposium on Computers and Communications 2004 Volume 1 (ISCC'04), 2004.

	BibTex	x
	@article{ 10.1109/ISCC.2004.1358428, author = {Guang Yang and M. Gerla and M.Y. Sanadidi}, title = {Defense against low-rate TCP-targeted denial-of-service attacks}, journal ={Computers and Communications, IEEE Symposium on}, volume = {1}, year = {2004}, isbn = {0-7803-8623-X}, pages = {345-350}, doi = {http://doi.ieeecomputersociety.org/10.1109/ISCC.2004.1358428}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computers and Communications, IEEE Symposium on TI - Defense against low-rate TCP-targeted denial-of-service attacks SN - 0-7803-8623-X SP345 EP350 A1 - Guang Yang, A1 - M. Gerla, A1 - M.Y. Sanadidi, PY - 2004 VL - 1 JA - Computers and Communications, IEEE Symposium on ER -

Guang Yang, Dept. of Comput. Sci., California Univ., Los Angeles, CA, USA

M. Gerla, Dept. of Comput. Sci., California Univ., Los Angeles, CA, USA

M.Y. Sanadidi, Dept. of Comput. Sci., California Univ., Los Angeles, CA, USA

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ISCC.2004.1358428

Low-rate TCP-targeted denial-of-service (DoS) attacks aim at the fact that most operating systems in use today have a common base TCP retransmission timeout (RTO) of 1 sec. An attacker injects periodic bursts of packets to fill the bottleneck queue and forces TCP connections to timeout with near-zero throughput. This work proposes randomization on TCP RTO as defense against such attacks. With RTO randomization, an attacker cannot predict the next TCP timeout and consequently cannot inject the burst at the exact instant. An analytic performance model on the throughput of randomized TCP is developed and validated. Simulation results show that randomization can effectively mitigate the impact of such DoS attacks while maintaining fairness and friendliness to other connections.

Citation:

Guang Yang, M. Gerla, M.Y. Sanadidi, "Defense against low-rate TCP-targeted denial-of-service attacks," iscc, vol. 1, pp.345-350, Ninth IEEE Symposium on Computers and Communications 2004 Volume 1 (ISCC'04), 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.