On the impact of DoS attacks on Internet traffic characteristics and QoS

Abstract

The Internet is on the way of becoming the universal communication network, and then needs to provide various services with guaranteed quality for all kinds of applications. Denial of service (DoS) attacks are then more efficient in a guaranteed multi-services network than in the "old" best effort Internet. Indeed, with best effort services, a DoS attack has to forbid the target of the attack to communicate. With a multi-services network, it is sufficient to make the network not respect the SLA (service level agreement) committed with clients, what is easier and can be performed using simple flooding attacks. Then, the question is: how does a DoS attack impact the quality of service (QoS) of a network given that networks are hugely over-provisioned, and that DoS attacks never succeed to completely overflow these high speed networks? This paper aims at answering this question as we do believe that it can help for defending the network against such attacks. The analysis of DoS attacks has been performed using traffic monitoring tools on the Internet. In particular, the analysis of attacks shows that they are increasing long range dependence (LRD) in the traffic, breaking the invariant power laws of normal Internet traffic. It is also explained in the paper, based on some normal traffic traces characterization and analysis why LRD is such a bad parameter for having good QoS.