Abstract:Low-Rate denial of service (LDoS) attack is a new category of denial of service attacks which may become a serious threat to Internet. It has attracted many researchers' interest and is becoming an important research topic in network security area. Since 2003, researchers have revealed several kinds of low-rate denial of service attacks, such as the shrew attack, the reduction of quality (RoQ) attack, the pulsing denial-of-service (PDoS) attack and the distributed low-rate denial of service attacks (DLDoS). They also proposed some corresponding defense and detection methods. This paper thoroughly reviews the state-of-the-art of LDoS attack and prevention research, and also analyzes the basic mechanism and attack methods of different LDoS attacks. Especially, it analyzes the security of TCP congestion avoidance mechanism, and illustrates the cause of potential security issue of such mechanism. In addition, the paper also reviews and evaluates the current LDoS attack prevention and detection approaches. Finally, the paper identifies some open research issues and points out possible future research directions in LDoS attack research area.