On a novel pattern of distributed low-rate denial of service attacks

详细信息    查看全文

• 作者：Xiao-ming LIU^a ; ^{liuxiaoming@bupt.edu.cn} ; Gong CHENG^b ; Miao ZHANG^a ; Shou-shan LUO^a
• 关键词：distributed low-rate DoS attacks ; time gap ; attack scheme ; defense mechanisms
• 刊名：The Journal of China Universities of Posts and Telecommunications
• 出版年：2011
• 出版时间：December, 2011
• 年：2011
• 卷：18
• 期：supp_S2
• 页码：113-118
• 全文大小：1K

文摘

Recent research has exposed that low-rate transmission control protocol (TCP)-targeted denial-of-service (DoS) attacks can cause failures of border gateway protocol (BGP) sessions and route flapping without being detected by current defense mechanisms. Deliberately constructed distributed low-rate denial of service(DLDoS) attacks can even generate surge of updates throughout the Internet. As this breed of attacks need a low-rate time gap between pulses, this time gap waste large number opportunities to form other attack flows. In this paper, we investigate the possibility and methods of employing the time gap to evoke other attack flows against target network. Simulations show that this method can exponentially reduce the number of nodes and therefore lower the cost of the attack when attacking multiple BGP sessions simultaneously. We also proposed the attack scheme and defense mechanisms of this kind of attacks.