
Performance Evaluation of Scaling based Dynamic Time Warping Algorithms for the Detection of Low-rate TCP Attacks  

So, Won-Ho (Dept. of Computer Education, Sunchon National University)
Shim, Sang-Heon (Dept. of Computer Engineering, Chonbuk National University)
Yoo, Kyoung-Min (Dept. of Computer Engineering, Chonbuk National University)
Kim, Young-Chon (Dept. of Computer Engineering, Chonbuk National University)
Abstract
This paper considers the low-rate TCP attack, a type of shrew attack, and introduces the scaling based dynamic time warping (S-DTW) algorithm. Because of its low average traffic rate, the low-rate TCP attack cannot be detected by the methods used for earlier flooding DoS/DDoS (Denial of Service/Distributed Denial of Service) attacks. It is, however, a periodic short burst that exploits the homogeneity of the minimum retransmission timeout (RTO) of TCP flows, so pattern matching mechanisms have been proposed to detect it among legitimate input flows. One such approach, a DTW mechanism, has been proposed to detect an attack input stream consisting of many legitimate or attack flows, together with a defending method. This approach, however, has the problem that a legitimate input stream may be classified as an attack stream. In addition, it is difficult to choose a threshold that separates legitimate streams from malicious ones. The causes of this problem are therefore analyzed through simulation, and scaling by the maximum auto-correlation value is performed before computing the DTW. We also discuss the results of applying various scaling approaches and of using the standard deviation of the monitored input streams.
Keywords
Denial of Service; Shrew attack; Low-rate TCP attack; DTW algorithm; RTO;
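
The scaling step described in the abstract, as an added example that is not code from the paper: it computes the auto-correlation of a sampled stream, divides it by its maximum value, and compares the result to a template with DTW. The sampling parameters, the square-wave template, the mean removal, the absolute-difference DTW cost and all stream values are assumptions constructed for this illustration.

```python
# Added illustration, not the paper's code. Sampling parameters, template shape,
# mean removal and the |a - b| DTW cost are assumptions; all streams are constructed.

def autocorr(x, max_lag):
    """Unnormalised auto-correlation of the mean-removed series, lags 0..max_lag-1."""
    m = sum(x) / len(x)
    c = [v - m for v in x]
    return [sum(c[t] * c[t + k] for t in range(len(c) - k)) for k in range(max_lag)]

def scale_by_max(r):
    """Scaling step: divide by the maximum auto-correlation magnitude."""
    peak = max(abs(v) for v in r)
    return [v / peak for v in r] if peak else list(r)

def dtw(a, b):
    """Dynamic time warping distance with absolute-difference cost."""
    inf = float("inf")
    prev = [0.0] + [inf] * len(b)
    for ai in a:
        cur = [inf]
        for j, bj in enumerate(b, 1):
            cur.append(abs(ai - bj) + min(prev[j], prev[j - 1], cur[j - 1]))
        prev = cur
    return prev[-1]

N, PERIOD, BURST, LAGS = 60, 10, 2, 30  # samples, burst period, burst width, lags

def square_wave(amplitude, base=0.0):
    """Periodic short bursts on top of a constant background rate."""
    return [base + (amplitude if t % PERIOD < BURST else 0.0) for t in range(N)]

TEMPLATE = autocorr(square_wave(1.0), LAGS)            # reference attack signature
ATTACK = autocorr(square_wave(10.0, base=5.0), LAGS)   # same period, 10x burst rate
LEGIT = autocorr([1.0 if 20 <= t < 26 else 0.0 for t in range(N)], LAGS)  # one surge

def distance_to_template(stream_acf, scaled):
    """DTW distance to the template, with or without the scaling step."""
    f = scale_by_max if scaled else list
    return dtw(f(stream_acf), f(TEMPLATE))

if __name__ == "__main__":
    for name, acf in (("attack", ATTACK), ("legit", LEGIT)):
        print("%-6s raw=%8.2f scaled=%.4f" % (name, distance_to_template(acf, False),
                                              distance_to_template(acf, True)))
```

Without scaling, the constructed attack stream lies farther from the template than the one-off legitimate surge because only its burst amplitude differs; with scaling, the attack distance drops to about zero while the legitimate stream stays clearly separated.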