Low-rate TCP-targeted denial of service attacks and counter strategies

Kuzmanovic, Aleksandar; Knightly, Edward W.

doi:10.1109/tnet.2006.880180

Cited by 171 publications

(101 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Low rate denial of service attacks is tough to detect. In this paper [36], low rate DDoS detection is tried using a combination of analytical modeling, experiments, and simulations. Low rate DOS attacks exploit TCP"s retransmission timeout mechanism.…”

Section: Figure30 "Low Rate Ddos Time Diagram"mentioning

confidence: 99%

An Overview of DDOS Attacks Detection and Prevention in the Cloud

Fakeeh¹

2016

IJAIS

View full text Add to dashboard Cite

Security is an illusion unless you are hacked. Attacks in the Cloud have more catastrophic and destructive impact on the organizations than the user might expect. As attacks are constantly evolving and making it difficult to defend. Most of the organization will try to check their devices in the cloud to protect against viruses with traditional security measures like antiviruses, or firewall thinking it secures across different attacks, but with a wide range of change in attack pattern organizations have exposed to significant operational and business consequences, not to mention public embarrassment. In this paper, we conducted the survey on DDOS (Distributed Denial of Service) attacks research work and analyzed prevention and detection methods used for DDOS attacks in the cloud. We found that there is a good amount of research scope in detecting and preventing slow client application layer attacks in the cloud.

show abstract

Section: Figure30 "Low Rate Ddos Time Diagram"mentioning

confidence: 99%

An Overview of DDOS Attacks Detection and Prevention in the Cloud

Fakeeh¹

2016

IJAIS

View full text Add to dashboard Cite

show abstract

“…The goal of these attacks is to exhaust resources in order to prevent the victim from processing new incoming connection requests. Transport layer low rate attacks [30] exploit TCP's retransmission timeout (RTO) dynamics. An attacker repeatedly sends short high-rate packet bursts, which produce packet losses (i. e., timeouts) and thus make the victim double the RTO of other TCP connections [37].…”

Section: B Analysismentioning

confidence: 99%

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network

Jansen¹,

Tschorsch²,

Johnson³

et al. 2014

Proceedings 2014 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-Tor is a distributed onion-routing network used for achieving anonymity and resisting censorship online. Because of Tor's growing popularity, it is attracting increasingly larger threats against which it was not securely designed. In this paper, we present the Sniper Attack, an extremely low cost but highly destructive denial of service attack against Tor that an adversary may use to anonymously disable arbitrary Tor relays. The attack utilizes valid protocol messages to boundlessly consume memory by exploiting Tor's end-to-end reliable data transport. We design and evaluate a prototype of the attack to show its feasibility and efficiency: our experiments show that an adversary may consume a victim relay's memory by as much as 2187 KiB/s while using at most only 92 KiB/s of upstream bandwidth. We extend our experimental results to estimate the threat against the live Tor network and find that a strategic adversary could disable all of the top 20 exit relays in only 29 minutes, thereby reducing Tor's bandwidth capacity by 35 percent. We also show how the attack enables the deanonymization of hidden services through selective denial of service by forcing them to choose guard nodes in control of the adversary. Finally, we discuss defenses against the Sniper Attack that provably render the attack ineffective, and suggest defenses against deanonymization by denial-of-service attacks in general that significantly mitigate the threat.

show abstract

“…A number of defense mechanisms have been proposed for wireline networks, such as the pushback and traceback mechanisms [13,25,27]. Another class of DoS attacks is based on the low-rate, high-volume TCP attack [18], in which an attacker periodically generates high-volume packet bursts in order to force all TCP flows to repeatedly enter the retransmission timeout state. In this paper, we describe a low-rate, low-volume signaling attack that targets 3G or equivalent wireless infrastructures.…”

Section: Related Workmentioning

confidence: 99%

On the detection of signaling DoS attacks on 3G/WiMax wireless networks

Lee

Bu²,

Woo³

2009

Computer Networks

View full text Add to dashboard Cite

Third Generation (3G) wireless networks based on the CDMA2000 and UMTS standards are now increasingly being deployed throughout the world. Because of their complex signaling and relatively limited bandwidth, these 3G networks are generally more vulnerable than their wireline counterparts, thus making them fertile ground for new attacks. In this paper, we identify and study a novel Denial of Service (DoS) attack, called signaling attack, that exploits the unique vulnerabilities of the signaling/control plane in 3G wireless networks. Using simulations driven by real traces, we are able to demonstrate the impact of a signaling attack. Specifically, we show how a well-timed low-volume signaling attack can potentially overload the control plane and detrimentally affect the key elements in a 3G wireless infrastructure. The low-volume nature of the signaling attack allows it to avoid detection by existing intrusion detection algorithms, which are often signature or volume-based. As a counter-measure, we present and evaluate an online early detection algorithm based on the statistical CUSUM method. Through the use of extensive trace-driven simulations, we demonstrate that the algorithm is robust and can identify an attack in its inception, before significant damage is done. Apart from 3G networks, we also show that many emerging wide-area networks such as 802.16/WiMax share the same vulnerability and our solution can also apply.Key words: 3G wireless, security, DoS attacks.Note: An earlier and shorter conference version of this paper appeared in IEEE INFOCOM '07 [19]. This paper additionally includes a discussion of the signaling attack in WiMax/802.16, provides evaluation on different dimensions of attacks, * Corresponding author: Patrick P. C. Lee.Email addresses: pclee@cs.columbia.edu (Patrick P. C. Lee), tbu@research.bell-labs.com (Tian Bu), woo@research.bell-labs.com (Thomas Woo) Preprint submitted to Computer NetworksApril 27, 2009 and presents more rigorous arguments in some of our analysis.

show abstract

Low-rate TCP-targeted denial of service attacks and counter strategies

Cited by 171 publications

References 31 publications

An Overview of DDOS Attacks Detection and Prevention in the Cloud

An Overview of DDOS Attacks Detection and Prevention in the Cloud

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network

On the detection of signaling DoS attacks on 3G/WiMax wireless networks

Contact Info

Product

Resources

About