On a Mathematical Model for Low-Rate Shrew DDoS
The shrew distributed denial of service (DDoS) attack is very detrimental for many applications, since it can throttle TCP flows to a small fraction of their ideal rate at very low attack cost. Earlier works mainly focused on empirical studies of defending against the shrew DDoS, and very few of the...
Published in: | IEEE transactions on information forensics and security 2014-07, Vol.9 (7), p.1069-1083 |
---|---|
Main authors: | Luo, Jingtang ; Yang, Xiaolong ; Wang, Jin ; Xu, Jie ; Sun, Jian ; Long, Keping |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | 1083 |
---|---|
container_issue | 7 |
container_start_page | 1069 |
container_title | IEEE transactions on information forensics and security |
container_volume | 9 |
creator | Luo, Jingtang ; Yang, Xiaolong ; Wang, Jin ; Xu, Jie ; Sun, Jian ; Long, Keping |
description | The shrew distributed denial of service (DDoS) attack is very detrimental for many applications, since it can throttle TCP flows to a small fraction of their ideal rate at very low attack cost. Earlier works mainly focused on empirical studies of defending against the shrew DDoS, and very few of them provided analytic results about the attack itself. In this paper, we propose a mathematical model for estimating attack effect of this stealthy type of DDoS. By originally capturing the adjustment behaviors of victim TCP's congestion window, our model can comprehensively evaluate the combined impact of attack pattern (i.e., how the attack is configured) and network environment on attack effect (the existing models failed to consider the impact of network environment). Henceforth, our model has higher accuracy over a wider range of network environments. The relative error of our model remains around 10% for most attack patterns and network environments, whereas the relative error of the benchmark model in previous works has a mean value of 69.57%, and it could be more than 180% in some cases. More importantly, our model reveals some novel properties of the shrew attack from the interaction between attack pattern and network environment, such as the minimum cost formula to launch a successful attack, and the maximum effect formula of a shrew attack. With them, we are able to find out how to adaptively tune the attack parameters (e.g., the DoS burst length) to improve its attack effect in a given network environment, and how to reconfigure the network resource (e.g., the bottleneck buffer size) to mitigate the shrew DDoS with a given attack pattern. Finally, based on our theoretical results, we put forward a simple strategy to defend the shrew attack. The simulation results indicate that this strategy can remarkably increase TCP throughput by nearly half of the bottleneck bandwidth (and can be higher) for general attack patterns. |
doi_str_mv | 10.1109/TIFS.2014.2321034 |
format | Article |
fulltext | fulltext |
identifier | ISSN: 1556-6013 |
ispartof | IEEE transactions on information forensics and security, 2014-07, Vol.9 (7), p.1069-1083 |
issn | 1556-6013 1556-6021 |
language | eng |
recordid | cdi_pascalfrancis_primary_28696639 |
source | IEEE Electronic Library (IEL) |
subjects | Adaptation models ; Applied sciences ; Bandwidth ; Computer crime ; Computer information security ; Computer science; control theory; systems ; Computer systems and distributed systems. User interface ; Delays ; Denial of service attacks ; Errors ; Estimating ; Exact sciences and technology ; Mathematical model ; Mathematical models ; Memory and file management (including protection and security) ; Memory organisation. Data processing ; Networks ; Packet loss ; Software ; Strategy ; TCP (protocol) ; Throughput |
title | On a Mathematical Model for Low-Rate Shrew DDoS |