A round-trip time-based prevention technique to secure LEO satellite networks from denial-of-service attacks

Tarik Taleb, Nei Kato, Yoshiaki Nemoto

Research output: Contribution to journalConference articlepeer-review

5 Citations (Scopus)


The development of satellite networks has recently gained a tremendous interest. The main reason beneath this interest underlies in the vision of anywhere, anytime pervasive access to the Internet over satellites. Protection of satellite systems from Denial-of-Service (DoS) attacks, a serious security threat in today's Internet, is a one major step towards making this vision a reality. The paper proposes a method to detect DoS attacks in the vicinity of flooding sources and in early stages before they cripple the system. The fundamental challenge in attack detection consists in distinguishing between simple flash events and DoS attacks so as not to deprive innocent users from having legitimate accesses. In the proposed mechanism, this distinction is based on the fact that legitimate TCP flows obey the congestion control protocol, whereas misbehaving sources remain unresponsive. Suspicious flows are sent a test feedback and are required to decrease their sending rates. Legitimacy of such flows is decided based on their responsiveness. The scheme performance is evaluated through a set of simulations and encouraging results are obtained: short detection latency and high detection accuracy.

Original languageEnglish
Pages (from-to)4012-4016
Number of pages5
JournalIEEE Vehicular Technology Conference
Issue number6
Publication statusPublished - 2004 Dec 1
Event2004 IEEE 60th Vehicular Technology Conference, VTC2004-Fall: Wireless Technologies for Global Security - Los Angeles, CA, United States
Duration: 2004 Sep 262004 Sep 29

ASJC Scopus subject areas

  • Computer Science Applications
  • Electrical and Electronic Engineering
  • Applied Mathematics


Dive into the research topics of 'A round-trip time-based prevention technique to secure LEO satellite networks from denial-of-service attacks'. Together they form a unique fingerprint.

Cite this