CN108199898A - A kind of method for enhancing LDoS attack efficiency - Google Patents
A kind of method for enhancing LDoS attack efficiency Download PDFInfo
- Publication number
- CN108199898A CN108199898A CN201810046587.8A CN201810046587A CN108199898A CN 108199898 A CN108199898 A CN 108199898A CN 201810046587 A CN201810046587 A CN 201810046587A CN 108199898 A CN108199898 A CN 108199898A
- Authority
- CN
- China
- Prior art keywords
- attack
- tcp
- ldos
- packet
- queue
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Current low-speed denial of service attack not only pursues hidden effect, but also pursue highest " cost performance ", i.e., is consumed by minimum attack, reach higher signatures generation.For the present invention by designing attack parameter, wherein parameter, which includes attack pulse rate, attack pulse width, attacks the pulse period and adjusts attack pulse, initiates opportunity, further improves signatures generation.Experiment shows that the method for this enhancing LDoS attack efficiency proposed by the present invention is that more accurately, and have higher signatures generation.
Description
Technical field
The present invention relates to a kind of computer network security technologies, especially pursue higher signatures generation one after another in current attack person
Background under, by analyze low rate refusal service (Low-rate Denial of Service, LDoS) attack under congestion
Window and queue behavior, design LDoS attack parameter, and opportunity is initiated in adjustment attack pulse so that LDoS attack has higher attack
Hit efficiency.
Background technology
In general, formula refusal service (Denial of Service, the DoS) attack that floods can be referred to as one kind " quite
The attack pattern of power " although can achieve the purpose that refuse service completely, is causing the same of larger Internet resources loss
When, attack consumption is also relatively large.In addition, have many detections for the formula DoS attack that floods and defence method at present, mainly
It is the feature by flow to determine whether there are DoS attacks.In some cases, the attacker formula DoS that directly starts to flood is attacked
It may not be a kind of effective measures to hit.At present, it is higher in order to hide existing attack detecting and defence method and pursuit
Signatures generation, attacker transfer to implement the DoS attack of more " intelligence ".Low rate refusal service LDoS attack is a kind of novel
DoS attack mode, the average attack rate of this attack is even also smaller than normal discharge, and therefore, it is difficult to detect and defend.
For the LDoS attack in traditional network, current research is more.Aleksandar Kuzmanovic and
DanieXiapu professors Luo are had studied respectively for TCP end system congestion control mechanism RTO (Retransmission
) and the LDoS attack model of AIMD (Additive Increase Multiplicative Decrease) TimeOut.Electronics
The team of the Long Keping professors of University of Science and Technology and the small dragon professor of the sun of University of Science & Technology, Beijing are by LDoS attack parameter and network environment
Parameter is combined, it is proposed that more accurately network behavior model.Mina professors Guirguis are disclosed for RED routers team
The LDoS attack principle of row administrative mechanism establishes the networked control theory model under attack.In addition, also directed to different types of
LDoS attack quantization compared attack performance.Yajuain Tang and Daniel Xiapu professors Luo of University Of Shantou to towards
The LDoS attack of reponse system is studied, and extends the attack pattern that Mina Guirguis are proposed, establishes exchange system
Model unite to describe the network behavior under attack.But the achievement in research of the LDoS attack in cloud computing is less.Science and techniques of defence are big
The LDoS attack that doctor Feng Zhenqian and professor Su Jinshu demonstrate traditional network can be moved to easily in cloud computing.Cloud
The new feature for calculating data center network allows a tenant to implement effective low rate attack with considerably less flow.South
Doctor Liu Meng and professor Dou Wanchun of capital university disclose the data Layer flow table free time timeout mechanism of cloud computing software defined network
There are loopholes, and for the loophole, they propose a kind of DoS attack of hidden and carry out performance analysis and modeling to the attack.
At present, it is a lot of for DoS attack detection and defence method, achievement in research.Ashley Chonka etc. propose one kind
Novel HX-DoS (HTTP/XML-DoS) attacks, this attack utilize the loophole of widely used HTTP and XML in cloud computing,
Reduce the service quality of cloud computing.For the attack, it is also proposed that a set of ENDER (Pre-Decision, Advance
Decision, Learning System) system of defense, core is to alleviate the HX- in cloud platform using the method for packet making
DoS attack.Yu Shui etc. are directed to the ddos attack of cloud computation data center, it is proposed that a kind of dynamic BTS configuration strategy utilizes
Idle cloud resource replicates enough intrusion prevention servers, achievees the purpose that fast filtering DoS attack stream.Anteneh
Girma etc. analyzes the DDoS detection techniques and its advantage and disadvantage currently for different parameters, it is proposed that can effectively alleviate DDoS and attack
The mixing statistical model hit.Opeyemi A Osanaiye etc. detect ddos attack by analyzing TCP/IP header features
The source of data packet.Han Zhijie etc. mainly has studied the problem of carrying out Denial of Service attack to HTTP applications on cloud computing platform.
Attack is detected by features such as CPU, network throughputs, attack stream is filtered by the method for black and white lists.Han Wei etc. is to being based on
The workflow of Hadoop cloud computing platform is studied, and combines the heartbeat inspecting mechanism of its own, it is proposed that a kind of completely new
Model is defendd with selfreparing based on Hadoop cloud node DoS detections.We also proposed dissipates suitable for the virtual of cloud computing platform
Row safety access method, and using the seamless switching of elastic mechanism realization node, so as to alleviate the DoS attack in cloud computing.
LDoS attack pursues maximum signatures generation, and FB-LDoS (Full buffer-LDoS) attacks, which have proved to be, attacks
Hit a kind of highest LDoS attack of efficiency, but existing FB-LDoS challenge models are there are some problems, therefore, for cloud meter
FB-LDoS attacks in calculation are modeled.FB-LDoS challenge models in cloud computing are the two-way time based on variation first
(Round Trip Time, RTT) is solved the problems, such as over based on inaccuracy caused by fixed RTT modelings, and the model has
There are higher signatures generation and attack to lose.
Invention content
The premise modeled herein first is the RTT based on variation, is two parts by RTT point, first part be subject to processing delay,
The influence of transmission delay and propagation delay, second part determine by queuing delay, RTT by with the variation of momentary queue length and
Variation, it is assumed that RTTiRepresent the two-way time of i-th of time slot, QiRepresent RTTiAt the end of corresponding momentary queue length, i.e., every
Remaining packet number in router queue caching after one RTT time.Then RTTiIt can be expressed as:
First item rtt represents that the first part in RTT takes fixed value on the right side of formula (1) equal sign.Section 2 on the right side of formula (1)
Represent the changing unit in RTT, it can be seen that the changing unit of current RTT momentary queue length at the end of by a upper RTT
It influences.
When router queue caching is full, bottleneck link is up to peak use rate, i.e., each rtt can transmit C TCP
Data packet.Assuming that the TCP data packet being lined up discharges queue with time interval d, then d can be represented as follows:
Wherein, C ' represents the bottleneck link processing capacity as unit of Mbps, and packetsize represents TCP packet sizes.It is logical
Often, for a determining network, C ' takes fixed value not change over time.Therefore, the discharge interval d of data packet is by TCP packets
Size determines.Further, it is contemplated that TCP groupings and the relationship of ACK, TCP transmitting terminals just send one newly whenever an ACK is received
Grouping.Therefore, the transmission rate of TCP groupings is equal to the rate of discharge d of queue.
Because router queue cache size is B, link processing ability is C, therefore, if fortress full queue, TCP congestions
Window size should reach B+C, send B+C grouping within the time of a RTT in other words.Wherein B is grouped to fill out
Full queue, C grouping take link.According to formula (1), RTT increases with the increase of momentary queue length, therefore RTT exists
Reach maximum value during queue full.If router cache size is provided according to bandwidth time delay productIt is so full
RTT during queue will be equal to 2rtt.In the case of queue full, for a new data packet for reaching router, only
Have when one data packet being lined up of discharge in router queue, when vacating a clear position, new data packet ability
Into enqueue.Otherwise, which is dropped.Attack is exactly based on the transmission opportunity of dexterously control attack packet so that each
Attack packet, which is all tried to be the first, occupies the clear position of queue.At present, attacker can estimate real-time team by many existing methods
Row length, therefore, attacker are easy for find when queue is filled, and accurately control attack packet reach queue when
Between.So B+C normal TCP groupings can be caused all to abandon.Assuming that router queue is in RTTiIt is in during beginning
Fill up state, then in RTTiInterior packet procedures are segmented into two stages.
First stage:First stage originates in router cache and is just filled up by TCP packets, and attacker will cause in this stage
B TCP packet abandons.Fig. 1 and Fig. 2 describes this process.Wherein white box represents TCP packets, and black box represents FB-LDoS
Attack packet, dotted line frame represent the clear position in queue.
In Fig. 1, discharged when a TCP being lined up is coated with, a clear position just occur in router queue.This
When, if attack packet A1Than TCP data packet P1It is previous to reach router queue, then A1It will try to be the first to join the team and occupy clear position, and
Relatively lag behind the P of arrival1It will be dropped due to queue full.
Fig. 2 then shows how attacker prevents B newly arrived TCP packets (P1, P2..., PB) join the team.Wherein, " √ "
Represent that attack is wrapped into enqueue, "×" represents that TCP coatings abandon.In the first stage, B TCP packet is lined up in queue,
Bottleneck link will be spentThe time of (B × d) empties data packet all in queue.Therefore, in order to make B is new to reach
TCP packets all abandon, attacker at least needs to send B attack packet with interval d, and corresponding to ensureing that each attack packet is slightly sooner in time than
Each TCP packets reach queue.As long as meet above-mentioned condition, then whenever discharging a data packet in queue, attack packet all can
Occupy the clear position occurred in queue immediately before TCP packets.
Second stage:The B TCP groupings that second stage is lined up before originating in queue are all emptied.This
When, queue is taken completely by attack packet.Assuming that the time interval of attack packet discharge is d ', then d ' can be expressed as:
Wherein, packetsize ' represents attack packet size.In general, in order to reduce attack consumption, attacker can set as far as possible
Put smaller attack packet.Fig. 3 and Fig. 4 describes the process in this stage.Equally, white box represents TCP packets, black box table
Show attack packet, dotted line frame represents the clear position in queue.
In second stage, if attacked without FB-LDoS, newly arrived C TCP data packet (PB+1, PB+2...,
PB+c) should be into enqueue.But in the case where there is attack, the rate of attack packet sending speed and queue discharge data packet
Synchronous, so attack packet will occupy each clear position, and be always maintained at queue full, and TCP packets will be all dropped.At this
In, attacker only needs to send with interval d 'A attack wraps to stop that C TCP is packed in team.And send these
Attack packet will be spentTime, and transmission rate should it is consistent with link processing ability be C '
Mbps。
It is analyzed according to the packet procedures in above-mentioned two stage, a kind of stepped FB-LDoS challenge models can be designed in Fig. 5
In, relatively low ladder corresponds to the first stage, and higher ladder corresponds to second stage.According to the analysis of packet procedures, can set relatively low
The step pulse duration beImpulse amplitude
And the higher step pulse duration is L2=rtt, impulse amplitude δ2=C ' Mbps.As can be seen that in the first stage, nothing
Why size by attack packet is worth, and B attack packet one surely stops B TCP packet, therefore attacker can use minimum attack
Packet consumes to reduce attack.In second stage, the packet sending speed of attacker equal with link processing ability C ' must could continue
Fill up queue.So far, the setting of attack two parameters of pulsewidth and attack amplitude is discussed.And it attacks cycle T and is delayed by setting
RTTiThe time of+3d launches a offensive pulse, and wherein d is that TCP gives out a contract for a project interval.
Description of the drawings
Fig. 1 is queuing behavior when TCP packets fill up queue;
Fig. 2 causes B TCP packet to abandon for B attack packet with interval d transmissions;
Fig. 3 attack packets fill up queuing behavior during queue;
Fig. 4 isA attack packet causes C TCP packet to abandon with interval d ' transmissions;
Fig. 5 is staged challenge model.
Fig. 6 is congestion window process and queue process under novel FB-LDoS challenge models
Fig. 7 is the TCP packet procedures under delay attack.
Fig. 8 (a) is that the overall variation of window and queue is, (b) is window and the localized variation (0.905s- of queue
0.930s), (c) is the localized variation (0.90s-1.122s) of window and queue
Fig. 9 is TCP aggregated throughputs.
Figure 10 is packet loss.
Figure 11 is attack loss (Damage) comparison.
Figure 12 is compared for signatures generation (Potency).
Specific implementation method
To verify the effect of this enhancing LDoS attack potency method, prove to be proposed by building NS-2 experimental situations
Novel FB-LDoS challenge models, and test its signatures generation.The main verification of experiment:1st, novel FB-LDoS challenge models
Window and queue situation;2nd, novel FB-LDoS challenge models have higher signatures generation.
1st, the window of novel FB-LDoS challenge models and queue situation
Opportunity is initiated by simply adjusting attack pulse, further improves signatures generation.Gathering around in one attack period
It fills in window (cwnd) process and queue process is as shown in Figure 6.Cwnd processes are divided into 4 stages.
Phase 1:Challenge model compared to Fig. 6, here, setting time delay RTTiThe time of+3d launches a offensive pulse,
Middle d is that TCP gives out a contract for a project interval.The purpose of delay attack is to induce TCP transmitting terminals to perform Fast retransmission algorithm, and triggers Fast retransmission
4 TCP packets transmission are then needed, packet procedures are as shown in Figure 7.
It is analyzed with reference to Fig. 6 and Fig. 7, in RTTi+ 1 starting, cwnd become B+C+1, it means that the grouping that TCP is sent
Quantity be more than cache size with bottleneck link processing capacity and B+C, therefore there are one TCP packets will loss, such as dotted line in Fig. 7
It is shown.The reason of packet loss, is, works as RTTiAfter all TCP groupings sent are all identified, TCP transmitting terminals increase its sliding window
Add a message segment, i.e., in RTTi+ 1, TCP will continuously transmit 2 groupings.But only there are one clear position, institutes for queue at this time
It will be dropped with second TCP packet.Later, attacker allows next 3 groupings Successful transmissions, this 3 TCP groupings will draw
The ACK of 3 repetitions of hair feeds back to transmitting terminal.According to Transmission Control Protocol, these three TCP are grouped, are each needed by one
It is identified after RTT.Since at this time queue is filled up always, RTT values are constant.According to above analysis, the 3rd repetition
ACK will be in t=RTTi+RTTi+ 1+3d the moment is received by TCP transmitting terminals.FB-LDoS attack pulses originate in t=RTTi+3d
And continue to re-transmission.In this case, remaining B+C-3 TCP grouping will be in t=RTT in the cwndiIt is arrived after+3d
It reaches, and that grouping retransmitted will also abandon, this is because whenever there are one can all be attacked during clear position in queue caching
Packet occupies.
In the figure 7, the cwnd sizes of the TCP transmitting terminals whenever an ACK is received are given.In RTTiAt the end of+1,
Cwnd will rise to B+C+2, this is because RTT beforeiB+C TCP groupings (ackj+1, ackj+2 ..., the ack of interior transmission
J+B+C it) has been identified.In RTTiIn+1 period, attack pulse will not prevent cwnd from increasing.It is repeated when receiving the first two
ACK when, TCP transmitting terminals do not retransmit grouping and do not increase cwnd, therefore cwnd sizes will keep B+C+2, be received after 3d
To the ACK of the 3rd repetition.
Phase 2:Once receiving the ACK of 3 repetitions, cwnd will halve and becomeBecause later B+C-3
The grouping that TCP is grouped and retransmits all is lost, so without ACK back to TCP transmitting terminals, TCP enters waiting-timeout state.
Phase 3:When RTO timer expireds, Slow start threshold is set as the half of current window, held by TCP transmitting terminals
Row slowstart algorithm, cwnd increase from 1 start index.
Phase 4:Once cwnd reaches Slow start threshold, TCP performs Congestion Avoidance and calculates hair, and cwnd linear increases are under
A cycle.
Next be discussed, as shown in fig. 6, an attack period can be expressed as T=T the attack period1+T2+T3, wherein T1
=min RTO,
By analyze above obtain attack it is proposed that the method for this enhancing LDoS attack efficiency have and higher attack
Hit efficiency.There are two reasons:1) congestion window thresholding halves twice, therefore the time of TCP congestion window exponential increases shortens, and
The time lengthening of linear increase.Congestion window increases slower, and the performance of TCP is lower;2) the attack period is longer, therefore during unit
Interior attack consumption is relatively lower.
It to verify this method, is initiated opportunity by adjusting attack pulse, setting attack cycle T=209.4ms, Qi Tagong
Hit parameter constant.In this case, experimental result is as shown in figure 8, wherein Fig. 8 (a) is shown in an attack period completely
Window and queue variation, Fig. 8 (b) and Fig. 8 (c) are exaggerated the part of curve.Critical data point is marked in figure,
It can be seen that the theory analysis of experimental result and Fig. 6 are completely the same.
2nd, novel FB-LDoS challenge models have higher signatures generation
Next, reflect the performance of LDoS attack by testing handling capacity and packet loss two indices, mainly with normally
In the case of index compare.The accumulation TCP handling capacities in 5 seconds are counted as shown in figure 9, counting average packet loss ratio such as Figure 10 per second
It is shown.From fig. 9, it can be seen that 5 seconds kinds time at the end of, normal TCP flow aggregated throughput is about originally
229.63Gb, but under the action of having FB-LDoS attacks, the aggregated throughput of normal TCP flow drops to 7.69Gb or so, drop
Width is up to 96.65%.From fig. 10 it can be seen that the packet loss of TCP flow is very low under normal circumstances, only 0.13%, at this time mainly by
AIMD mechanism influences.And LDoS attack causes the more frequent congestion of link, TCP transmitting terminals continually utilize AIMD mechanism and RTO
Mechanism adjusts transmission rate, this does not only result in TCP congestion windows and maintains a smaller range, the i.e. number that TCP is sent out in itself
It is just seldom according to packet.Moreover, even if having issued data packet in the range of window permission, then wherein TCP data packet also can be by
LDoS attack packet entry deterrence queue.Therefore, packet loss higher under LDoS attack has respectively reached 5.46% He under two kinds of models
4.19%.Other than being compared with normal TCP performances, it can also be seen that two kinds of challenge models reach from Fig. 9 and Figure 10
Different attack effect.From aggregated throughput and packet loss two indices, original challenge model causes TCP flow to be damaged
More flows are lost.This is primarily due in original challenge model, and the period that LDoS attack pulse is sent is short, more frequently
Ground causes TCP to carry out congestion control, therefore causes the loss of TCP some higher.
Next, compare the signatures generation under two kinds of attack methods.It is Successful transmissions in an attack period to define G
The bit number of TCP groupings, A represent the attack bit joint number needed for an attack pulse.It is weighed and attacked by following three indexs
Efficiency.
1) defining average transmission rate isRepresent the TCP packet bit numbers of Successful transmissions in the unit interval;
2) for Damage=C '-Rate, expression should be transmitted for definition attack loss, but under FB-LDoS attacks not into
The bit number of work(transmission;
3) definition attack, which consumes, isIt can be calculated by attack parameter.
Signatures generation is defined as the ratio of attack loss and attack consumption, i.e.,:
In an experiment, 5 attack periods are randomly selected to count Damage and Potency.Figure 11 and Figure 12 give reality
Test result.By comparing it can be found that experiment value and theoretical value are coincide very much.And it is proposed that this enhancing LDoS attack
The method of efficiency has higher signatures generation.
Claims (1)
1. a kind of method for enhancing LDoS attack efficiency, is by establishing a kind of stepped LDoS pulse attacks model of full queue
It realizes, model parameter includes attack pulse rate δ1And δ2, attack pulse width L1And L2, attack pulse period T, feature
It is:
(1) attack pulse rate δ1And δ2It is set asδ2=C ', wherein B are represented
Router cache size, C represent the bottleneck link rate as unit of packet number, and C ' represents the bottleneck link as unit of Mbps
Processing capacity, packetsize ' represent attack packet size, and rtt represents the two-way time in network, dependent on processing delay, pass
Defeated delay and propagation delay;
(2) attack pulsewidth sets L1And L2It is set asL2=rtt;
(3) the attack period is set as T=T1+T2+T3, wherein T1=min RTO, Wherein d is the discharge interval of TCP packets in caching
(4) the initiation opportunity of attack pulse is set as:When router cache is full, then 3d is waited for launch a offensive after being delayed arteries and veins
Punching.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810046587.8A CN108199898A (en) | 2018-01-12 | 2018-01-12 | A kind of method for enhancing LDoS attack efficiency |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810046587.8A CN108199898A (en) | 2018-01-12 | 2018-01-12 | A kind of method for enhancing LDoS attack efficiency |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108199898A true CN108199898A (en) | 2018-06-22 |
Family
ID=62590142
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810046587.8A Pending CN108199898A (en) | 2018-01-12 | 2018-01-12 | A kind of method for enhancing LDoS attack efficiency |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108199898A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109040131A (en) * | 2018-09-20 | 2018-12-18 | 天津大学 | A kind of LDoS attack detection method under SDN environment |
CN109150838A (en) * | 2018-07-24 | 2019-01-04 | 湖南大学 | A kind of method for comprehensive detection for Denial of Service attack at a slow speed |
CN110012006A (en) * | 2019-04-01 | 2019-07-12 | 中国民航大学 | A kind of low-speed denial of service attack method for CUBIC |
CN111478893A (en) * | 2020-04-02 | 2020-07-31 | 中核武汉核电运行技术股份有限公司 | Detection method for slow HTTP attack |
CN115242551A (en) * | 2022-09-21 | 2022-10-25 | 北京中科网威信息技术有限公司 | Slow attack defense method and device, electronic equipment and storage medium |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102457489A (en) * | 2010-10-26 | 2012-05-16 | 中国民航大学 | Attacking, detecting and defending module for LDoS (Low-rate Denial of Service) |
-
2018
- 2018-01-12 CN CN201810046587.8A patent/CN108199898A/en active Pending
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102457489A (en) * | 2010-10-26 | 2012-05-16 | 中国民航大学 | Attacking, detecting and defending module for LDoS (Low-rate Denial of Service) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109150838A (en) * | 2018-07-24 | 2019-01-04 | 湖南大学 | A kind of method for comprehensive detection for Denial of Service attack at a slow speed |
CN109040131A (en) * | 2018-09-20 | 2018-12-18 | 天津大学 | A kind of LDoS attack detection method under SDN environment |
CN110012006A (en) * | 2019-04-01 | 2019-07-12 | 中国民航大学 | A kind of low-speed denial of service attack method for CUBIC |
CN111478893A (en) * | 2020-04-02 | 2020-07-31 | 中核武汉核电运行技术股份有限公司 | Detection method for slow HTTP attack |
CN111478893B (en) * | 2020-04-02 | 2022-06-28 | 中核武汉核电运行技术股份有限公司 | Detection method for slow HTTP attack |
CN115242551A (en) * | 2022-09-21 | 2022-10-25 | 北京中科网威信息技术有限公司 | Slow attack defense method and device, electronic equipment and storage medium |
CN115242551B (en) * | 2022-09-21 | 2022-12-06 | 北京中科网威信息技术有限公司 | Slow attack defense method and device, electronic equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108199898A (en) | A kind of method for enhancing LDoS attack efficiency | |
Zhijun et al. | Low-rate DoS attacks, detection, defense, and challenges: A survey | |
Luo et al. | On a new class of pulsing denial-of-service attacks and the defense. | |
Kang et al. | SPIFFY: Inducing Cost-Detectability Tradeoffs for Persistent Link-Flooding Attacks. | |
Luo et al. | The NewShrew attack: A new type of low-rate TCP-Targeted DoS attack | |
CN111756685A (en) | DDOS attack detection method based on hypothesis test | |
Hussain et al. | Impact of DDoS attack (UDP Flooding) on queuing models | |
Yue et al. | Low-high burst: a double potency varying-rtt based full-buffer shrew attack model | |
Yue et al. | High-potency models of ldos attack against cubic+ red | |
CN107800711A (en) | A kind of method that OpenFlow controllers resist ddos attack | |
CA2548344A1 (en) | Preventing network reset denial of service attacks | |
Kumar et al. | Data sequence signal manipulation in multipath tcp (mptcp): The vulnerability, attack and its detection | |
Luo et al. | Performance analysis of TCP/AQM under denial-of-service attacks | |
CN109995770B (en) | LDoS attack detection method based on queue distribution | |
Khanna et al. | Adaptive selective verification | |
Luo et al. | Optimizing the pulsing denial-of-service attacks | |
Patel et al. | The low-rate denial of service attack based comparative study of active queue management scheme | |
Domański et al. | Comparison of CHOKe and gCHOKe active queues management algorithms with the use of fluid flow approximation | |
Mergendahl et al. | FR-WARD: Fast retransmit as a wary but ample response to distributed denial-of-service attacks from the Internet of Things | |
Kieu et al. | Using CPR metric to detect and filter low-rate DDoS flows | |
Rabie et al. | Applying sigmoid filter for detecting the low-rate denial of service attacks | |
Dong et al. | Analysis of low-rate TCP DoS attack against FAST TCP | |
Liu et al. | Modeling and quantifying the impact of P2P file sharing traffic on traditional internet traffic | |
Paliwal et al. | A new effective TCP-CC algorithm performance analysis (NS3) | |
Wang et al. | AIMD Congestion Control: Stability, TCP-friendliness, Delay Performance |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20180622 |