Tongxin xuebao (Jan 2008)

Attack simulation and signature extraction of low-rate DDoS

  • WU Zhi-jun,
  • ZHANG Dong

Abstract

LDDoS (low-rate distributed denial-of-service) is a new type of DDoS attack. Its traffic volume is small and is covered by normal network traffic. LDDoS attacks are so stealthy that the detection and defense approaches used for traditional DDoS are not effective against them. Experiments show that LDDoS attack traffic exhibits strong periodicity. Based on this periodic feature, the signatures of LDDoS attacks are extracted by analyzing the cache queue of the target router, for the purpose of detecting and defending against LDDoS attacks. Statistics on the percentage of normal and attack flows in total traffic show that an LDDoS attack has two signatures. Experiments on the two signatures were conducted on the NS-2 platform to detect LDDoS attacks; the test results show that the two extracted signatures can reduce the false positives of LDDoS attack detection schemes.

Keywords