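Survey on Research and Progress of Low-Rate Denial of Service Attacks

Funding:

National Basic Research Program of China (973 Program) (2009CB320505); National Natural Science Foundation of China (61170211, 61202356); Specialized Research Fund for the Doctoral Program of Higher Education of the Ministry of Education (20110002110056)
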
    Abstract:

    The low-rate denial of service (LDoS) attack is a new category of denial of service attack that poses a serious potential threat to the security of the Internet. It has attracted the interest of many researchers and has become an important research topic in network security. Since 2003, researchers have characterized several kinds of low-rate denial of service attacks, such as the shrew attack, the reduction of quality (RoQ) attack, the pulsing denial-of-service (PDoS) attack and the distributed low-rate denial of service (DLDoS) attack, and have proposed corresponding detection and defense methods. This paper reviews the state of the art in LDoS attack and prevention research, and analyzes the basic mechanisms and attack methods of the different LDoS attacks. In particular, it analyzes the security of the TCP congestion avoidance mechanism and discusses the causes of its potential security issues. The paper also classifies, summarizes and evaluates the existing LDoS attack prevention and detection approaches from several perspectives. Finally, it identifies open issues in current research and points out possible future research directions, in the hope of offering useful insights to researchers in this area.

Cite this article

Wen K, Yang JH, Zhang B. Survey on research and progress of low-rate denial of service attacks. Journal of Software, 2014,25(3):591-605

History
  • Received: 2012-07-17
  • Last revised: 2013-11-11
  • Published online: 2013-11-28