TY - GEN
T1 - Detecting pulsing denial-of-service attacks based on the bandwidth usage condition
AU - Tsunoda, Hiroshi
AU - Arai, Kenjirou
AU - Waizumi, Yuji
AU - Ansari, Nirwan
AU - Nemoto, Yoshiaki
PY - 2008/9/12
Y1 - 2008/9/12
N2 - Pulsing Denial-of-Service (PDoS) attacks seriously degrade the throughput of TCP flows and consequently pose a grave detrimental effect on network performance. The fact that they generate less traffic than traditional flood-based attacks makes PDoS detection more difficult. Most of the conventional PDoS detection shemes focus on the periodical pattern of the pulse trains. Therefore, attackers can easily escape the detection system by merely controlling the timing of pulse transmission. In this paper, we propose a novel and robust PDoS detection method which capitalizes on the bandwidth usage condition of network traffic in distinguishing the congestion due to normal traffic from that due to PDoS attacks. Simulation experiments have demonstrated the effectiveness of the proposed scheme in detecting PDoS attacks.
AB - Pulsing Denial-of-Service (PDoS) attacks seriously degrade the throughput of TCP flows and consequently pose a grave detrimental effect on network performance. The fact that they generate less traffic than traditional flood-based attacks makes PDoS detection more difficult. Most of the conventional PDoS detection shemes focus on the periodical pattern of the pulse trains. Therefore, attackers can easily escape the detection system by merely controlling the timing of pulse transmission. In this paper, we propose a novel and robust PDoS detection method which capitalizes on the bandwidth usage condition of network traffic in distinguishing the congestion due to normal traffic from that due to PDoS attacks. Simulation experiments have demonstrated the effectiveness of the proposed scheme in detecting PDoS attacks.
UR - http://www.scopus.com/inward/record.url?scp=51249091402&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=51249091402&partnerID=8YFLogxK
U2 - 10.1109/ICC.2008.322
DO - 10.1109/ICC.2008.322
M3 - Conference contribution
AN - SCOPUS:51249091402
SN - 9781424420742
T3 - IEEE International Conference on Communications
SP - 1670
EP - 1674
BT - ICC 2008 - IEEE International Conference on Communications, Proceedings
T2 - IEEE International Conference on Communications, ICC 2008
Y2 - 19 May 2008 through 23 May 2008
ER -