An Efficient Response Time for Shrew Attack Protection in Mitigating Low-Rate Tcp-Targeted Attacks

International Journal of Computer Trends and Technology (IJCTT)
© - August Issue 2013 by IJCTT Journal
Volume-4 Issue-8
Year of Publication: 2013
Authors: S.Ganesan, B.Loganathan


S.Ganesan, B.Loganathan "An Efficient Response Time for Shrew Attack Protection in Mitigating Low-Rate Tcp-Targeted Attacks" International Journal of Computer Trends and Technology (IJCTT), V4(8):2656-2660 August Issue 2013. ISSN Published by Seventh Sense Research Group.

Abstract:- This paper presents a simple priority-tagging filtering mechanism, called SAP (Shrew Attack Protection), which protects well-behaved TCP flows against low-rate TCP-targeted Shrew attacks. In this scheme, a router maintains a simple set of counters and keeps track of the drop rate for each potential victim. If the monitored drop rates are low, all packets are treated as normal: they compete equally for admission to the output queue and are dropped only according to the AQM (Active Queue Management) policy when the output queue is full. SAP keeps tagging victim packets as high priority until their drop rate is below the fair drop rate. By preferentially dropping normal packets to protect high-priority packets, SAP can prevent low-rate TCP-targeted Shrew attacks from causing a well-behaved TCP flow to lose multiple consecutive packets repeatedly. This simple strategy keeps well-behaved TCP flows away from near-zero throughput (due to slow start) under an attack.




Keywords: Shrew attack, differential tagging, fair drop rate.
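
The counter-and-tagging logic the abstract describes, as an added example (not the authors' code). Assumptions not taken from the page: tail drop stands in for the AQM policy, the fair drop rate is aggregate drops over aggregate arrivals, victims are opaque string keys, and the names `SapQueue`, `enqueue` and `demo` are hypothetical.

```python
from collections import defaultdict, deque

class SapQueue:
    def __init__(self, capacity):
        self.capacity = capacity
        self.queue = deque()             # entries: (victim_key, high_priority)
        self.arrived = defaultdict(int)  # per-victim arrival counter
        self.dropped = defaultdict(int)  # per-victim drop counter

    def drop_rate(self, key):
        return self.dropped[key] / self.arrived[key] if self.arrived[key] else 0.0

    def fair_drop_rate(self):
        # Assumption: fair rate = aggregate drops / aggregate arrivals.
        total = sum(self.arrived.values())
        return sum(self.dropped.values()) / total if total else 0.0

    def enqueue(self, key):
        """Return True if the packet is admitted, False if it is dropped."""
        # Tag as high priority while this victim's drop rate exceeds the fair rate.
        high = self.drop_rate(key) > self.fair_drop_rate()
        self.arrived[key] += 1
        if len(self.queue) < self.capacity:
            self.queue.append((key, high))
            return True
        if high:
            # Queue full: preferentially drop the newest queued normal packet.
            for i in range(len(self.queue) - 1, -1, -1):
                other, other_high = self.queue[i]
                if not other_high:
                    del self.queue[i]
                    self.dropped[other] += 1
                    self.queue.append((key, True))
                    return True
        self.dropped[key] += 1           # assumed AQM policy: tail drop
        return False

def demo():
    # Constructed scenario: a burst fills a 4-slot queue, then four victim packets arrive.
    q = SapQueue(capacity=4)
    for _ in range(4):
        q.enqueue("burst_dst")
    results = [q.enqueue("victim") for _ in range(4)]
    return results, dict(q.dropped)

if __name__ == "__main__":
    print(demo())
```

Under plain tail drop all four victim packets in this scenario would be lost; here only the first and fourth are. The fourth is dropped because the victim's drop rate (1/3) has by then fallen below the fair rate (3/7), so it is no longer tagged.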