Browse > Article

Hybrid Scaling Based Dynamic Time Warping for Detection of Low-rate TCP Attacks  

So, Won-Ho (순천대학교 컴퓨터교육과 컴퓨터네트워크연구실)
Yoo, Kyoung-Min (전북대학교 전자정보공학부 차세대통신망연구실)
Kim, Young-Chon (전북대학교 전자정보공학부 차세대통신망연구실)
Publication Information
The Journal of Korean Institute of Communications and Information Sciences / v.33, no.7B, 2008 , pp. 592-600 More about this Journal
Abstract
In this paper, a Hybrid Scaling based DTW (HS-DTW) mechanism is proposed for detection of periodic shrew TCP attacks. A low-rate TCP attack which is a type of shrew DoS (Denial of Service) attacks, was reported recently, but it is difficult to detect the attack using previous flooding DoS detection mechanisms. A pattern matching method with DTW (Dynamic Time Warping) as a type of defense mechanisms was shown to be reasonable method of detecting and defending against a periodic low-rate TCP attack in an input traffic link. This method, however, has the problem that a legitimate link may be misidentified as an attack link, if the threshold of the DTW value is not reasonable. In order to effectively discriminate between attack traffic and legitimate traffic, the difference between their DTW values should be large as possible. To increase the difference, we analyze a critical problem with a previous algorithm and introduce a scaling method that increases the difference between DTW values. Four kinds of scaling methods are considered and the standard deviation of the sampling data is adopted. We can select an appropriate scaling scheme according to the standard deviation of an input signal. This is why the HS-DTW increases the difference between DTW values of legitimate and attack traffic. The result is that the determination of the threshold value for discrimination is easier and the probability of mistaking legitimate traffic for an attack is dramatically reduced.
Keywords
Low-rate TCP attack; Dynamic Time Warping; Denial of Service; Network Security;
Citations & Related Records
연도 인용수 순위
  • Reference
1 H. Sun, J. C. S. Lui, and D. K. Y. Yau, "Defending Against Low-rate TCP Attacks: Dynamic Detection and Protection," In Proc IEEE Conference on Network Protocols (ICNP2004), Oct. 2004, pp. 196-205
2 Y. Chen, K. Hwang, "Collaborative detection and filtering of shrew DDoS attacks using spectral analysis," J. Parallel Distributed Computing, Vol.66, 2006, pp.1137-1151   DOI   ScienceOn
3 E. Keogh, "Exact indexing of dynamic time warping," In Proceedings of the 28th VLDB Conference, Hong Kong, China, Aug. 2002
4 Y.S. Kim, "Technological Issues and Prospect of BcN," Telecommunication Technology Association, 2005
5 A. Kuzmanovic and E. Knightly, "Low-rate TCP-targeted denial of service attacks," In Proc. ACM SIGCOMM, Karlsruhe, Germany, August 2003
6 J. Mirkovic, J. Martin, and P. Reiher, Computer Science Department, UCLA "A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms," Technical report #020018
7 J. Mirkovic, "D-WARD: Source-End defense Against Distributed Denial-of-Service Attacks", Ph.D Thesis 2003
8 Shevtekar, K. Anantharam, and N. Ansari, "Low Rate TCP Denial-of-Service Attack Detection at Edge Routers," IEEE Communications Letters, Vol.9, No.4, April 2005
9 G. Yang, M. Gerla, and M. Y. Sanadidi, "Randomization: Defense against Low-Rate TCP-targeted Denial-of-Service Attacks," In Proc. IEEE Symposium on Computers and Communications, July 2004, pp. 345-350
10 W. H. So, S. H. Shim, K. M. Yoo, B. J. Oh, Y. S. Kim, Y. C. Kim, "Scaling based Dynamic Time Warping Algorithm for the Detection of Low-rate TCP Attack," Proceedings of IEEK Fall Conf. 2006, Hanyang Univ., Korea, Nov. 2006