The DRR-based Approach of Defending against LDoS
The low-rate denial of service (LDoS) attack is a low-rate TCP attack that consists essentially of periodic short bursts. It exploits the homogeneity of the minimum retransmission timeout (RTO) of TCP flows and forces all affected TCP flows to back off and enter the retransmission timeout state. The LDoS attack is a new threat to the Internet and to ISP services. This paper adopts the deficit round robin (DRR) algorithm to defend against LDoS attacks. The DRR algorithm provides bandwidth allocation and protection between flows to improve the throughput of all TCP flows. Experiments with a single low-rate attack against a single TCP flow and against multiple TCP flows show that DRR has the expected effect in resisting LDoS attacks.
low-rate DoS (LDoS); DRR; fairness
Jin LEI, Xingchen LIU
Tianjin Key Laboratory for Advanced Signal Processing, Civil Aviation University of China, Tianjin, China, 300300
International conference
Xiamen
English
11-13
2010-10-29 (date first posted online on the Wanfang platform; does not represent the paper's publication date)