Research Article | Open Access
Volume 4 | Issue 8 | Year 2013 | Article Id. IJCTT-V4I8P148 | DOI : https://doi.org/10.14445/22312803/IJCTT-V4I8P148
An Efficient Response Time for Shrew Attack Protection in Mitigating Low-Rate TCP-Targeted Attacks
S. Ganesan, B. Loganathan
Citation:
S. Ganesan, B. Loganathan, "An Efficient Response Time for Shrew Attack Protection in Mitigating Low-Rate TCP-Targeted Attacks," International Journal of Computer Trends and Technology (IJCTT), vol. 4, no. 8, pp. 2656-2660, 2013. Crossref, https://doi.org/10.14445/22312803/IJCTT-V4I8P148
Abstract
This paper presents a simple priority-tagging filtering mechanism, called SAP (Shrew Attack Protection), which protects well-behaved TCP flows against low-rate TCP-targeted Shrew attacks. In this scheme, a router maintains a simple set of counters and keeps track of the drop rate for each potential victim. If the monitored drop rates are low, all packets are treated as normal and compete equally to be admitted to the output queue; they are dropped only according to the AQM (Active Queue Management) policy when the output queue is full. SAP keeps tagging victim packets as high priority until their drop rate is below the fair drop rate. By preferentially dropping normal packets to protect high-priority packets, SAP can prevent low-rate TCP-targeted Shrew attacks from causing a well-behaved TCP flow to lose multiple consecutive packets repeatedly. This simple strategy keeps well-behaved TCP flows away from near-zero throughput (due to slow start) under an attack.
Keywords
Shrew attack, differential tagging, fair drop rate.
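A small queue model of the tagging and preferential-drop behaviour the abstract describes, as an added example that is not the authors' code. It assumes a fixed constant for the fair drop rate, cumulative per-flow counters, tail-drop standing in for the AQM policy, eviction of the newest normal packet, and burst traffic that is not tracked as a potential victim; all names and the traffic pattern are hypothetical and constructed.

```python
from collections import deque, defaultdict

class SapQueue:
    """Toy router output queue with SAP-style priority tagging (assumed model)."""

    def __init__(self, capacity, fair_drop_rate, tagging=True):
        self.capacity = capacity
        self.fair = fair_drop_rate           # assumption: a fixed threshold
        self.tagging = tagging               # False = plain tail-drop baseline
        self.queue = deque()                 # entries: (flow, high_priority)
        self.arrived = defaultdict(int)      # per-flow arrival counter
        self.dropped = defaultdict(int)      # per-flow drop counter

    def drop_rate(self, flow):
        n = self.arrived[flow]
        return self.dropped[flow] / n if n else 0.0

    def enqueue(self, flow, tracked=True):
        """Offer one packet to the queue; return True if it was admitted."""
        # Tag while the monitored drop rate has not fallen below the fair rate.
        high = self.tagging and tracked and self.drop_rate(flow) >= self.fair
        self.arrived[flow] += 1
        if len(self.queue) >= self.capacity:
            normal = [i for i, (_, h) in enumerate(self.queue) if not h]
            if not (high and normal):
                self.dropped[flow] += 1      # plain tail-drop
                return False
            # Preferentially drop a normal packet to admit the tagged one.
            self.dropped[self.queue[normal[-1]][0]] += 1
            del self.queue[normal[-1]]
        self.queue.append((flow, high))
        return True

    def dequeue(self, n):
        for _ in range(min(n, len(self.queue))):
            self.queue.popleft()

def simulate(tagging, rounds=20, capacity=10, fair=0.05):
    """Constructed traffic: a queue-filling burst every 5 ticks, steady TCP."""
    q = SapQueue(capacity, fair, tagging)
    for t in range(rounds):
        if t % 5 == 0:
            for _ in range(capacity):
                q.enqueue("burst", tracked=False)
        for _ in range(2):
            q.enqueue("tcp")
        q.dequeue(3)                         # link drains 3 packets per tick
    return q.dropped["tcp"], q.dropped["burst"]
```

With tagging off, every burst costs the TCP flow two consecutive packets; with tagging on, the loss shifts onto the burst traffic and the TCP flow loses at most one packet per burst.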