Pulsing Denial-of-Service attacks tolerant sack-based TCP with adaptive bandwidth estimation mechanism

Pulsing Denial-of-Service (DoS) attacks, which can significantly degrade the throughput of legitimate TCP flows in a stealthy manner, are new serious threat in the Internet. Pulsing DoS attacks The attacker send periodic short bursts of traffic (i.e. pulses) to cause packet losses of TCP flows. To combat the threat of pulsing DoS attacks, we need Pulsing DoS tolerant TCP mechanisms. In addition, such improved TCP must be friendly to existing TCP. In this paper, we propose pulsing DoS tolerant TCP with adaptive bandwidth estimation mechanism to combat pulsing DoS attacks. To achieve both the robustness and friendliness we propose to use two types of bandwidth estimation mechanism and switch them depending on the situation in TCP congestion control process. The performance of the proposed method is evaluated through simulations, and is compared with the other TCP variants. From the simulation results, we verified that the proposed method can effectively mitigate the effect of pulsing DoS attacks and has frienliness to existing TCP.