Detection and Mitigation of Induced Low Rate TCP-Targeted Denial of Service Attack

2012 IEEE Sixth International Conference on Software Security and Reliability Pub Date : 2012-06-20 DOI:10.1109/SERE.2012.27

F. Barbhuiya, V. Gupta, S. Biswas, Sukumar Nandi

{"title":"Detection and Mitigation of Induced Low Rate TCP-Targeted Denial of Service Attack","authors":"F. Barbhuiya, V. Gupta, S. Biswas, Sukumar Nandi","doi":"10.1109/SERE.2012.27","DOIUrl":null,"url":null,"abstract":"Low rate TCP-targeted denial of service attack is a cleverly crafted attack in which an attacker exploits congestion avoidance algorithm and uniformity of min RTO in Transmission Control Protocol (TCP). Attacker congest the network for a brief period of time then keep quiet for some time. This phenomenon is repeated after min RTO time. This attack causes degradation of service and denial of service to those TCP flows which satisfies certain condition. Attacker Launches this attack by exploiting the technique of optimistic acknowledgement which is used for sending of acknowledgement before data has been received. By this technique attacker induces server to perform the attack. Ever since the discovery of this attack, lot of solution, detection scheme have been proposed, each having their own merits and demerits. Mostly these schemes are complex and not scalable. In this paper a novel scheme has been proposed which reduces random bytes from a random TCP segment to verify the authenticity of those optimistic acknowledgement. As attacker does not know segment size whenever he sends optimistic acknowledgement it is dropped. Thus the attack can be mitigated using this technique.","PeriodicalId":191716,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE Sixth International Conference on Software Security and Reliability","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SERE.2012.27","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

Low rate TCP-targeted denial of service attack is a cleverly crafted attack in which an attacker exploits congestion avoidance algorithm and uniformity of min RTO in Transmission Control Protocol (TCP). Attacker congest the network for a brief period of time then keep quiet for some time. This phenomenon is repeated after min RTO time. This attack causes degradation of service and denial of service to those TCP flows which satisfies certain condition. Attacker Launches this attack by exploiting the technique of optimistic acknowledgement which is used for sending of acknowledgement before data has been received. By this technique attacker induces server to perform the attack. Ever since the discovery of this attack, lot of solution, detection scheme have been proposed, each having their own merits and demerits. Mostly these schemes are complex and not scalable. In this paper a novel scheme has been proposed which reduces random bytes from a random TCP segment to verify the authenticity of those optimistic acknowledgement. As attacker does not know segment size whenever he sends optimistic acknowledgement it is dropped. Thus the attack can be mitigated using this technique.

查看原文本刊更多论文

诱导的低速率tcp目标拒绝服务攻击的检测和缓解

低速率TCP目标拒绝服务攻击是一种利用TCP协议中拥塞避免算法和最小RTO一致性的巧妙攻击。攻击者在短暂的一段时间内阻塞网络，然后静默一段时间。该现象在最小RTO时间后重复出现。这种攻击会对满足一定条件的TCP流造成服务降级和拒绝服务。攻击者利用乐观确认技术进行攻击，该技术用于在接收数据之前发送确认。通过这种技术，攻击者诱导服务器执行攻击。自从这种攻击被发现以来，人们提出了许多解决方案、检测方案，每种方案都有自己的优缺点。这些方案大多是复杂的，不可扩展的。本文提出了一种从随机TCP报文段中减少随机字节来验证乐观确认真实性的新方案。当攻击者发送乐观确认时，攻击者不知道段大小，因此它被丢弃。因此，可以使用此技术减轻攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2012 IEEE Sixth International Conference on Software Security and Reliability

自引率

0.00%

发文量