CN108199898A - A kind of method for enhancing LDoS attack efficiency - Google Patents

A kind of method for enhancing LDoS attack efficiency Download PDF

Info

Publication number
CN108199898A
CN108199898A CN201810046587.8A CN201810046587A CN108199898A CN 108199898 A CN108199898 A CN 108199898A CN 201810046587 A CN201810046587 A CN 201810046587A CN 108199898 A CN108199898 A CN 108199898A
Authority
CN
China
Prior art keywords
attack
tcp
ldos
packet
queue
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810046587.8A
Other languages
Chinese (zh)
Inventor
岳猛
许青
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Civil Aviation University of China
Original Assignee
Civil Aviation University of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Civil Aviation University of China filed Critical Civil Aviation University of China
Priority to CN201810046587.8A priority Critical patent/CN108199898A/en
Publication of CN108199898A publication Critical patent/CN108199898A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Current low-speed denial of service attack not only pursues hidden effect, but also pursue highest " cost performance ", i.e., is consumed by minimum attack, reach higher signatures generation.For the present invention by designing attack parameter, wherein parameter, which includes attack pulse rate, attack pulse width, attacks the pulse period and adjusts attack pulse, initiates opportunity, further improves signatures generation.Experiment shows that the method for this enhancing LDoS attack efficiency proposed by the present invention is that more accurately, and have higher signatures generation.

Description

A kind of method for enhancing LDoS attack efficiency
Technical field
The present invention relates to a kind of computer network security technologies, especially pursue higher signatures generation one after another in current attack person Background under, by analyze low rate refusal service (Low-rate Denial of Service, LDoS) attack under congestion Window and queue behavior, design LDoS attack parameter, and opportunity is initiated in adjustment attack pulse so that LDoS attack has higher attack Hit efficiency.
Background technology
In general, formula refusal service (Denial of Service, the DoS) attack that floods can be referred to as one kind " quite The attack pattern of power " although can achieve the purpose that refuse service completely, is causing the same of larger Internet resources loss When, attack consumption is also relatively large.In addition, have many detections for the formula DoS attack that floods and defence method at present, mainly It is the feature by flow to determine whether there are DoS attacks.In some cases, the attacker formula DoS that directly starts to flood is attacked It may not be a kind of effective measures to hit.At present, it is higher in order to hide existing attack detecting and defence method and pursuit Signatures generation, attacker transfer to implement the DoS attack of more " intelligence ".Low rate refusal service LDoS attack is a kind of novel DoS attack mode, the average attack rate of this attack is even also smaller than normal discharge, and therefore, it is difficult to detect and defend.
For the LDoS attack in traditional network, current research is more.Aleksandar Kuzmanovic and DanieXiapu professors Luo are had studied respectively for TCP end system congestion control mechanism RTO (Retransmission ) and the LDoS attack model of AIMD (Additive Increase Multiplicative Decrease) TimeOut.Electronics The team of the Long Keping professors of University of Science and Technology and the small dragon professor of the sun of University of Science & Technology, Beijing are by LDoS attack parameter and network environment Parameter is combined, it is proposed that more accurately network behavior model.Mina professors Guirguis are disclosed for RED routers team The LDoS attack principle of row administrative mechanism establishes the networked control theory model under attack.In addition, also directed to different types of LDoS attack quantization compared attack performance.Yajuain Tang and Daniel Xiapu professors Luo of University Of Shantou to towards The LDoS attack of reponse system is studied, and extends the attack pattern that Mina Guirguis are proposed, establishes exchange system Model unite to describe the network behavior under attack.But the achievement in research of the LDoS attack in cloud computing is less.Science and techniques of defence are big The LDoS attack that doctor Feng Zhenqian and professor Su Jinshu demonstrate traditional network can be moved to easily in cloud computing.Cloud The new feature for calculating data center network allows a tenant to implement effective low rate attack with considerably less flow.South Doctor Liu Meng and professor Dou Wanchun of capital university disclose the data Layer flow table free time timeout mechanism of cloud computing software defined network There are loopholes, and for the loophole, they propose a kind of DoS attack of hidden and carry out performance analysis and modeling to the attack.
At present, it is a lot of for DoS attack detection and defence method, achievement in research.Ashley Chonka etc. propose one kind Novel HX-DoS (HTTP/XML-DoS) attacks, this attack utilize the loophole of widely used HTTP and XML in cloud computing, Reduce the service quality of cloud computing.For the attack, it is also proposed that a set of ENDER (Pre-Decision, Advance Decision, Learning System) system of defense, core is to alleviate the HX- in cloud platform using the method for packet making DoS attack.Yu Shui etc. are directed to the ddos attack of cloud computation data center, it is proposed that a kind of dynamic BTS configuration strategy utilizes Idle cloud resource replicates enough intrusion prevention servers, achievees the purpose that fast filtering DoS attack stream.Anteneh Girma etc. analyzes the DDoS detection techniques and its advantage and disadvantage currently for different parameters, it is proposed that can effectively alleviate DDoS and attack The mixing statistical model hit.Opeyemi A Osanaiye etc. detect ddos attack by analyzing TCP/IP header features The source of data packet.Han Zhijie etc. mainly has studied the problem of carrying out Denial of Service attack to HTTP applications on cloud computing platform. Attack is detected by features such as CPU, network throughputs, attack stream is filtered by the method for black and white lists.Han Wei etc. is to being based on The workflow of Hadoop cloud computing platform is studied, and combines the heartbeat inspecting mechanism of its own, it is proposed that a kind of completely new Model is defendd with selfreparing based on Hadoop cloud node DoS detections.We also proposed dissipates suitable for the virtual of cloud computing platform Row safety access method, and using the seamless switching of elastic mechanism realization node, so as to alleviate the DoS attack in cloud computing.
LDoS attack pursues maximum signatures generation, and FB-LDoS (Full buffer-LDoS) attacks, which have proved to be, attacks Hit a kind of highest LDoS attack of efficiency, but existing FB-LDoS challenge models are there are some problems, therefore, for cloud meter FB-LDoS attacks in calculation are modeled.FB-LDoS challenge models in cloud computing are the two-way time based on variation first (Round Trip Time, RTT) is solved the problems, such as over based on inaccuracy caused by fixed RTT modelings, and the model has There are higher signatures generation and attack to lose.
Invention content
The premise modeled herein first is the RTT based on variation, is two parts by RTT point, first part be subject to processing delay, The influence of transmission delay and propagation delay, second part determine by queuing delay, RTT by with the variation of momentary queue length and Variation, it is assumed that RTTiRepresent the two-way time of i-th of time slot, QiRepresent RTTiAt the end of corresponding momentary queue length, i.e., every Remaining packet number in router queue caching after one RTT time.Then RTTiIt can be expressed as:
First item rtt represents that the first part in RTT takes fixed value on the right side of formula (1) equal sign.Section 2 on the right side of formula (1) Represent the changing unit in RTT, it can be seen that the changing unit of current RTT momentary queue length at the end of by a upper RTT It influences.
When router queue caching is full, bottleneck link is up to peak use rate, i.e., each rtt can transmit C TCP Data packet.Assuming that the TCP data packet being lined up discharges queue with time interval d, then d can be represented as follows:
Wherein, C ' represents the bottleneck link processing capacity as unit of Mbps, and packetsize represents TCP packet sizes.It is logical Often, for a determining network, C ' takes fixed value not change over time.Therefore, the discharge interval d of data packet is by TCP packets Size determines.Further, it is contemplated that TCP groupings and the relationship of ACK, TCP transmitting terminals just send one newly whenever an ACK is received Grouping.Therefore, the transmission rate of TCP groupings is equal to the rate of discharge d of queue.
Because router queue cache size is B, link processing ability is C, therefore, if fortress full queue, TCP congestions Window size should reach B+C, send B+C grouping within the time of a RTT in other words.Wherein B is grouped to fill out Full queue, C grouping take link.According to formula (1), RTT increases with the increase of momentary queue length, therefore RTT exists Reach maximum value during queue full.If router cache size is provided according to bandwidth time delay productIt is so full RTT during queue will be equal to 2rtt.In the case of queue full, for a new data packet for reaching router, only Have when one data packet being lined up of discharge in router queue, when vacating a clear position, new data packet ability Into enqueue.Otherwise, which is dropped.Attack is exactly based on the transmission opportunity of dexterously control attack packet so that each Attack packet, which is all tried to be the first, occupies the clear position of queue.At present, attacker can estimate real-time team by many existing methods Row length, therefore, attacker are easy for find when queue is filled, and accurately control attack packet reach queue when Between.So B+C normal TCP groupings can be caused all to abandon.Assuming that router queue is in RTTiIt is in during beginning Fill up state, then in RTTiInterior packet procedures are segmented into two stages.
First stage:First stage originates in router cache and is just filled up by TCP packets, and attacker will cause in this stage B TCP packet abandons.Fig. 1 and Fig. 2 describes this process.Wherein white box represents TCP packets, and black box represents FB-LDoS Attack packet, dotted line frame represent the clear position in queue.
In Fig. 1, discharged when a TCP being lined up is coated with, a clear position just occur in router queue.This When, if attack packet A1Than TCP data packet P1It is previous to reach router queue, then A1It will try to be the first to join the team and occupy clear position, and Relatively lag behind the P of arrival1It will be dropped due to queue full.
Fig. 2 then shows how attacker prevents B newly arrived TCP packets (P1, P2..., PB) join the team.Wherein, " √ " Represent that attack is wrapped into enqueue, "×" represents that TCP coatings abandon.In the first stage, B TCP packet is lined up in queue, Bottleneck link will be spentThe time of (B × d) empties data packet all in queue.Therefore, in order to make B is new to reach TCP packets all abandon, attacker at least needs to send B attack packet with interval d, and corresponding to ensureing that each attack packet is slightly sooner in time than Each TCP packets reach queue.As long as meet above-mentioned condition, then whenever discharging a data packet in queue, attack packet all can Occupy the clear position occurred in queue immediately before TCP packets.
Second stage:The B TCP groupings that second stage is lined up before originating in queue are all emptied.This When, queue is taken completely by attack packet.Assuming that the time interval of attack packet discharge is d ', then d ' can be expressed as:
Wherein, packetsize ' represents attack packet size.In general, in order to reduce attack consumption, attacker can set as far as possible Put smaller attack packet.Fig. 3 and Fig. 4 describes the process in this stage.Equally, white box represents TCP packets, black box table Show attack packet, dotted line frame represents the clear position in queue.
In second stage, if attacked without FB-LDoS, newly arrived C TCP data packet (PB+1, PB+2..., PB+c) should be into enqueue.But in the case where there is attack, the rate of attack packet sending speed and queue discharge data packet Synchronous, so attack packet will occupy each clear position, and be always maintained at queue full, and TCP packets will be all dropped.At this In, attacker only needs to send with interval d 'A attack wraps to stop that C TCP is packed in team.And send these Attack packet will be spentTime, and transmission rate should it is consistent with link processing ability be C ' Mbps。
It is analyzed according to the packet procedures in above-mentioned two stage, a kind of stepped FB-LDoS challenge models can be designed in Fig. 5 In, relatively low ladder corresponds to the first stage, and higher ladder corresponds to second stage.According to the analysis of packet procedures, can set relatively low The step pulse duration beImpulse amplitude And the higher step pulse duration is L2=rtt, impulse amplitude δ2=C ' Mbps.As can be seen that in the first stage, nothing Why size by attack packet is worth, and B attack packet one surely stops B TCP packet, therefore attacker can use minimum attack Packet consumes to reduce attack.In second stage, the packet sending speed of attacker equal with link processing ability C ' must could continue Fill up queue.So far, the setting of attack two parameters of pulsewidth and attack amplitude is discussed.And it attacks cycle T and is delayed by setting RTTiThe time of+3d launches a offensive pulse, and wherein d is that TCP gives out a contract for a project interval.
Description of the drawings
Fig. 1 is queuing behavior when TCP packets fill up queue;
Fig. 2 causes B TCP packet to abandon for B attack packet with interval d transmissions;
Fig. 3 attack packets fill up queuing behavior during queue;
Fig. 4 isA attack packet causes C TCP packet to abandon with interval d ' transmissions;
Fig. 5 is staged challenge model.
Fig. 6 is congestion window process and queue process under novel FB-LDoS challenge models
Fig. 7 is the TCP packet procedures under delay attack.
Fig. 8 (a) is that the overall variation of window and queue is, (b) is window and the localized variation (0.905s- of queue 0.930s), (c) is the localized variation (0.90s-1.122s) of window and queue
Fig. 9 is TCP aggregated throughputs.
Figure 10 is packet loss.
Figure 11 is attack loss (Damage) comparison.
Figure 12 is compared for signatures generation (Potency).
Specific implementation method
To verify the effect of this enhancing LDoS attack potency method, prove to be proposed by building NS-2 experimental situations Novel FB-LDoS challenge models, and test its signatures generation.The main verification of experiment:1st, novel FB-LDoS challenge models Window and queue situation;2nd, novel FB-LDoS challenge models have higher signatures generation.
1st, the window of novel FB-LDoS challenge models and queue situation
Opportunity is initiated by simply adjusting attack pulse, further improves signatures generation.Gathering around in one attack period It fills in window (cwnd) process and queue process is as shown in Figure 6.Cwnd processes are divided into 4 stages.
Phase 1:Challenge model compared to Fig. 6, here, setting time delay RTTiThe time of+3d launches a offensive pulse, Middle d is that TCP gives out a contract for a project interval.The purpose of delay attack is to induce TCP transmitting terminals to perform Fast retransmission algorithm, and triggers Fast retransmission 4 TCP packets transmission are then needed, packet procedures are as shown in Figure 7.
It is analyzed with reference to Fig. 6 and Fig. 7, in RTTi+ 1 starting, cwnd become B+C+1, it means that the grouping that TCP is sent Quantity be more than cache size with bottleneck link processing capacity and B+C, therefore there are one TCP packets will loss, such as dotted line in Fig. 7 It is shown.The reason of packet loss, is, works as RTTiAfter all TCP groupings sent are all identified, TCP transmitting terminals increase its sliding window Add a message segment, i.e., in RTTi+ 1, TCP will continuously transmit 2 groupings.But only there are one clear position, institutes for queue at this time It will be dropped with second TCP packet.Later, attacker allows next 3 groupings Successful transmissions, this 3 TCP groupings will draw The ACK of 3 repetitions of hair feeds back to transmitting terminal.According to Transmission Control Protocol, these three TCP are grouped, are each needed by one It is identified after RTT.Since at this time queue is filled up always, RTT values are constant.According to above analysis, the 3rd repetition ACK will be in t=RTTi+RTTi+ 1+3d the moment is received by TCP transmitting terminals.FB-LDoS attack pulses originate in t=RTTi+3d And continue to re-transmission.In this case, remaining B+C-3 TCP grouping will be in t=RTT in the cwndiIt is arrived after+3d It reaches, and that grouping retransmitted will also abandon, this is because whenever there are one can all be attacked during clear position in queue caching Packet occupies.
In the figure 7, the cwnd sizes of the TCP transmitting terminals whenever an ACK is received are given.In RTTiAt the end of+1, Cwnd will rise to B+C+2, this is because RTT beforeiB+C TCP groupings (ackj+1, ackj+2 ..., the ack of interior transmission J+B+C it) has been identified.In RTTiIn+1 period, attack pulse will not prevent cwnd from increasing.It is repeated when receiving the first two ACK when, TCP transmitting terminals do not retransmit grouping and do not increase cwnd, therefore cwnd sizes will keep B+C+2, be received after 3d To the ACK of the 3rd repetition.
Phase 2:Once receiving the ACK of 3 repetitions, cwnd will halve and becomeBecause later B+C-3 The grouping that TCP is grouped and retransmits all is lost, so without ACK back to TCP transmitting terminals, TCP enters waiting-timeout state.
Phase 3:When RTO timer expireds, Slow start threshold is set as the half of current window, held by TCP transmitting terminals Row slowstart algorithm, cwnd increase from 1 start index.
Phase 4:Once cwnd reaches Slow start threshold, TCP performs Congestion Avoidance and calculates hair, and cwnd linear increases are under A cycle.
Next be discussed, as shown in fig. 6, an attack period can be expressed as T=T the attack period1+T2+T3, wherein T1 =min RTO,
By analyze above obtain attack it is proposed that the method for this enhancing LDoS attack efficiency have and higher attack Hit efficiency.There are two reasons:1) congestion window thresholding halves twice, therefore the time of TCP congestion window exponential increases shortens, and The time lengthening of linear increase.Congestion window increases slower, and the performance of TCP is lower;2) the attack period is longer, therefore during unit Interior attack consumption is relatively lower.
It to verify this method, is initiated opportunity by adjusting attack pulse, setting attack cycle T=209.4ms, Qi Tagong Hit parameter constant.In this case, experimental result is as shown in figure 8, wherein Fig. 8 (a) is shown in an attack period completely Window and queue variation, Fig. 8 (b) and Fig. 8 (c) are exaggerated the part of curve.Critical data point is marked in figure, It can be seen that the theory analysis of experimental result and Fig. 6 are completely the same.
2nd, novel FB-LDoS challenge models have higher signatures generation
Next, reflect the performance of LDoS attack by testing handling capacity and packet loss two indices, mainly with normally In the case of index compare.The accumulation TCP handling capacities in 5 seconds are counted as shown in figure 9, counting average packet loss ratio such as Figure 10 per second It is shown.From fig. 9, it can be seen that 5 seconds kinds time at the end of, normal TCP flow aggregated throughput is about originally 229.63Gb, but under the action of having FB-LDoS attacks, the aggregated throughput of normal TCP flow drops to 7.69Gb or so, drop Width is up to 96.65%.From fig. 10 it can be seen that the packet loss of TCP flow is very low under normal circumstances, only 0.13%, at this time mainly by AIMD mechanism influences.And LDoS attack causes the more frequent congestion of link, TCP transmitting terminals continually utilize AIMD mechanism and RTO Mechanism adjusts transmission rate, this does not only result in TCP congestion windows and maintains a smaller range, the i.e. number that TCP is sent out in itself It is just seldom according to packet.Moreover, even if having issued data packet in the range of window permission, then wherein TCP data packet also can be by LDoS attack packet entry deterrence queue.Therefore, packet loss higher under LDoS attack has respectively reached 5.46% He under two kinds of models 4.19%.Other than being compared with normal TCP performances, it can also be seen that two kinds of challenge models reach from Fig. 9 and Figure 10 Different attack effect.From aggregated throughput and packet loss two indices, original challenge model causes TCP flow to be damaged More flows are lost.This is primarily due in original challenge model, and the period that LDoS attack pulse is sent is short, more frequently Ground causes TCP to carry out congestion control, therefore causes the loss of TCP some higher.
Next, compare the signatures generation under two kinds of attack methods.It is Successful transmissions in an attack period to define G The bit number of TCP groupings, A represent the attack bit joint number needed for an attack pulse.It is weighed and attacked by following three indexs Efficiency.
1) defining average transmission rate isRepresent the TCP packet bit numbers of Successful transmissions in the unit interval;
2) for Damage=C '-Rate, expression should be transmitted for definition attack loss, but under FB-LDoS attacks not into The bit number of work(transmission;
3) definition attack, which consumes, isIt can be calculated by attack parameter.
Signatures generation is defined as the ratio of attack loss and attack consumption, i.e.,:
In an experiment, 5 attack periods are randomly selected to count Damage and Potency.Figure 11 and Figure 12 give reality Test result.By comparing it can be found that experiment value and theoretical value are coincide very much.And it is proposed that this enhancing LDoS attack The method of efficiency has higher signatures generation.

Claims (1)

1. a kind of method for enhancing LDoS attack efficiency, is by establishing a kind of stepped LDoS pulse attacks model of full queue It realizes, model parameter includes attack pulse rate δ1And δ2, attack pulse width L1And L2, attack pulse period T, feature It is:
(1) attack pulse rate δ1And δ2It is set asδ2=C ', wherein B are represented Router cache size, C represent the bottleneck link rate as unit of packet number, and C ' represents the bottleneck link as unit of Mbps Processing capacity, packetsize ' represent attack packet size, and rtt represents the two-way time in network, dependent on processing delay, pass Defeated delay and propagation delay;
(2) attack pulsewidth sets L1And L2It is set asL2=rtt;
(3) the attack period is set as T=T1+T2+T3, wherein T1=min RTO, Wherein d is the discharge interval of TCP packets in caching
(4) the initiation opportunity of attack pulse is set as:When router cache is full, then 3d is waited for launch a offensive after being delayed arteries and veins Punching.
CN201810046587.8A 2018-01-12 2018-01-12 A kind of method for enhancing LDoS attack efficiency Pending CN108199898A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810046587.8A CN108199898A (en) 2018-01-12 2018-01-12 A kind of method for enhancing LDoS attack efficiency

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810046587.8A CN108199898A (en) 2018-01-12 2018-01-12 A kind of method for enhancing LDoS attack efficiency

Publications (1)

Publication Number Publication Date
CN108199898A true CN108199898A (en) 2018-06-22

Family

ID=62590142

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810046587.8A Pending CN108199898A (en) 2018-01-12 2018-01-12 A kind of method for enhancing LDoS attack efficiency

Country Status (1)

Country Link
CN (1) CN108199898A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109040131A (en) * 2018-09-20 2018-12-18 天津大学 A kind of LDoS attack detection method under SDN environment
CN109150838A (en) * 2018-07-24 2019-01-04 湖南大学 A kind of method for comprehensive detection for Denial of Service attack at a slow speed
CN110012006A (en) * 2019-04-01 2019-07-12 中国民航大学 A kind of low-speed denial of service attack method for CUBIC
CN111478893A (en) * 2020-04-02 2020-07-31 中核武汉核电运行技术股份有限公司 Detection method for slow HTTP attack
CN115242551A (en) * 2022-09-21 2022-10-25 北京中科网威信息技术有限公司 Slow attack defense method and device, electronic equipment and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102457489A (en) * 2010-10-26 2012-05-16 中国民航大学 Attacking, detecting and defending module for LDoS (Low-rate Denial of Service)

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102457489A (en) * 2010-10-26 2012-05-16 中国民航大学 Attacking, detecting and defending module for LDoS (Low-rate Denial of Service)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109150838A (en) * 2018-07-24 2019-01-04 湖南大学 A kind of method for comprehensive detection for Denial of Service attack at a slow speed
CN109040131A (en) * 2018-09-20 2018-12-18 天津大学 A kind of LDoS attack detection method under SDN environment
CN110012006A (en) * 2019-04-01 2019-07-12 中国民航大学 A kind of low-speed denial of service attack method for CUBIC
CN111478893A (en) * 2020-04-02 2020-07-31 中核武汉核电运行技术股份有限公司 Detection method for slow HTTP attack
CN111478893B (en) * 2020-04-02 2022-06-28 中核武汉核电运行技术股份有限公司 Detection method for slow HTTP attack
CN115242551A (en) * 2022-09-21 2022-10-25 北京中科网威信息技术有限公司 Slow attack defense method and device, electronic equipment and storage medium
CN115242551B (en) * 2022-09-21 2022-12-06 北京中科网威信息技术有限公司 Slow attack defense method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN108199898A (en) A kind of method for enhancing LDoS attack efficiency
Zhijun et al. Low-rate DoS attacks, detection, defense, and challenges: A survey
Luo et al. On a new class of pulsing denial-of-service attacks and the defense.
Kang et al. SPIFFY: Inducing Cost-Detectability Tradeoffs for Persistent Link-Flooding Attacks.
Luo et al. The NewShrew attack: A new type of low-rate TCP-Targeted DoS attack
CN111756685A (en) DDOS attack detection method based on hypothesis test
Hussain et al. Impact of DDoS attack (UDP Flooding) on queuing models
Yue et al. Low-high burst: a double potency varying-rtt based full-buffer shrew attack model
Yue et al. High-potency models of ldos attack against cubic+ red
CN107800711A (en) A kind of method that OpenFlow controllers resist ddos attack
CA2548344A1 (en) Preventing network reset denial of service attacks
Kumar et al. Data sequence signal manipulation in multipath tcp (mptcp): The vulnerability, attack and its detection
Luo et al. Performance analysis of TCP/AQM under denial-of-service attacks
CN109995770B (en) LDoS attack detection method based on queue distribution
Khanna et al. Adaptive selective verification
Luo et al. Optimizing the pulsing denial-of-service attacks
Patel et al. The low-rate denial of service attack based comparative study of active queue management scheme
Domański et al. Comparison of CHOKe and gCHOKe active queues management algorithms with the use of fluid flow approximation
Mergendahl et al. FR-WARD: Fast retransmit as a wary but ample response to distributed denial-of-service attacks from the Internet of Things
Kieu et al. Using CPR metric to detect and filter low-rate DDoS flows
Rabie et al. Applying sigmoid filter for detecting the low-rate denial of service attacks
Dong et al. Analysis of low-rate TCP DoS attack against FAST TCP
Liu et al. Modeling and quantifying the impact of P2P file sharing traffic on traditional internet traffic
Paliwal et al. A new effective TCP-CC algorithm performance analysis (NS3)
Wang et al. AIMD Congestion Control: Stability, TCP-friendliness, Delay Performance

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20180622