Detecting Pulsing Denial-of-Service Attacks With Nondeterministic Attack Intervals

Executive Summary

This paper addresses the important problem of detecting Pulsing Denial-of-Service (PDoS) attacks, which send a sequence of attack pulses to reduce TCP throughput. Unlike previous works, which focused on a restricted form of attack, this paper considers a very broad class of attacks. In particular, the attack model admits any attack interval between two adjacent pulses, whether deterministic or not. It also includes traditional flooding-based attacks as a limiting case (i.e., zero attack interval). The main contribution is Vanguard, a new anomaly-based detection scheme for this class of PDoS attacks. Vanguard's detection is based on three traffic anomalies induced by the attacks, which it detects using a CUSUM algorithm. Vanguard has been prototyped and evaluated on a testbed.
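The following sketch is an added illustration, not Vanguard's implementation: it runs a generic one-sided CUSUM over a constructed per-interval anomaly metric to show why the statistic is indifferent to whether the gaps between pulses are fixed, random, or zero (flooding). The metric, pulse height, baseline, slack and threshold are assumptions chosen for the example; the summary does not specify the three anomalies Vanguard measures.

```python
import random

def cusum_first_alarm(samples, baseline, slack, threshold):
    """One-sided CUSUM: accumulate excess over baseline+slack, clamp at zero,
    and return the index of the first sample where the sum crosses threshold."""
    s = 0.0
    for i, x in enumerate(samples):
        s = max(0.0, s + x - baseline - slack)
        if s > threshold:
            return i
    return None

def make_trace(n, attack_start, gap_fn, rng, pulse=8.0):
    """Constructed metric: uniform noise in [0, 1) per interval; from
    attack_start on, a pulse is added, followed by gap_fn() quiet intervals."""
    trace = [rng.uniform(0.0, 1.0) for _ in range(n)]
    if gap_fn is not None:
        t = attack_start
        while t < n:
            trace[t] += pulse
            t += 1 + gap_fn()
    return trace

def run_scenarios(n=400, attack_start=200, seed=1):
    """Return {scenario: index of first alarm, or None} for four traces."""
    rng = random.Random(seed)
    scenarios = {
        "benign": None,                       # no attack at all
        "periodic": lambda: 3,                # deterministic attack interval
        "random": lambda: rng.randint(0, 6),  # nondeterministic attack interval
        "flooding": lambda: 0,                # limiting case: zero interval
    }
    return {
        name: cusum_first_alarm(make_trace(n, attack_start, gap, rng),
                                baseline=0.5, slack=0.5, threshold=15.0)
        for name, gap in scenarios.items()
    }

if __name__ == "__main__":
    for name, alarm in run_scenarios().items():
        print(f"{name:9s} first alarm at interval: {alarm}")
```

Because the sum only needs the pulses to contribute more than the quiet intervals drain, the alarm fires for any gap pattern with positive net drift; longer or more irregular gaps lengthen the detection delay rather than defeating detection.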

