Wei Wei,Yabo Dong,Dongming Lu,Guang Jin,Honglan Lao

DOI: https://doi.org/10.1007/11760146_23

2006-01-01

Abstract:Low-rate TCP-targeted Denial-of-Service (DoS) attack (shrew) is a new kind of DoS attack which is based on TCP’s Retransmission Timeout (RTO) mechanism and can severely reduce the throughput of TCP traffic on victim. The paper proposes a novel mechanism which consists of effective detection and response methods. Through analyzing sampled attack traffic, we find that there is a stable difference between attack and legitimate traffic in frequency field, especially in low frequency. We use Sum of Low Frequency Power spectrum (SLFP) for detection. In our algorithm the destination IP address is used as flow label and SLFP is applied to every flow traversing edge router. If shrew is found, all flows to the destination are processed by Aggregated Flows Balance (AFB) at a proper upstream router. Simulation shows that attack traffics are restrained and TCP traffics can obtain enough bandwidth. The result indicates that our mechanism is effective and deployable.

Boyang Zhou,Gaoning Pan,Chunming Wu,Kai Zhu,Wei Ruan

DOI: https://doi.org/10.1007/s11432-019-9921-7

2020-01-01

Science China Information Sciences

Abstract:Dear editor, Recently, crossfire attack has been witnessed as a new distributed denial-of-service (DDoS) weapon that can effectively cut off the data connections between the chosen target area (wd) of servers and the end hosts (H).The attack is launched by a network of bot (botnet) to drain bandwidth of persistent routes (PRs) in the indirect and lowrate data flooding towards the decoys that are located in upstream to the target, where the PRs are probed by the adversary who sends Internet control message protocol (ICMP) packets with different time-to-live (TTL) values, e.g., using traceroute [1].Such flooding is hard to be detected by firewalls or IDSes.

Zhen Han,Wei Wang,Changyun Wen,Lei Wang

DOI: https://doi.org/10.1109/tii.2024.3393142

IF: 12.3

2024-01-01

IEEE Transactions on Industrial Informatics

Abstract:This article focuses on the distributed adaptive consensus control problem for nonlinear systems with unknown parameters and denial-of-service (DoS) attacks. The communication channels among subsystems are directed and DoS attacks are executed on subsystems to jam the communication transmission. Besides, only part of these subsystems can access states of the desired reference system. To actively alleviate attack effects on the consensus performance, a distributed adaptive consensus control scheme with an active-defense mechanism is proposed. The active-defense mechanism consists of an attack-detection algorithm and a switching strategy. The distributed adaptive consensus controller is designed with normalized damping terms in control inputs and parameter update laws. In the presence of DoS attacks, a stability condition is derived based on the designed control scheme, which guarantees that the consensus errors are globally uniformly bounded under arbitrary switching dwell-time. Experimental results are provided to validate the effectiveness of the proposed control scheme with the active-defense mechanism.

Wenhai Qi,Yifan Wang,Guangdeng Zong,Huaicheng Yan,Zheng-Guang Wu,Shan Jin

DOI: https://doi.org/10.1109/tcsi.2024.3424512

2024-01-01

IEEE Transactions on Circuits and Systems I Regular Papers

Abstract:The issue of adaptive protocol-based control is studied for nonhomogeneous stochastic semi-Markov jump systems with denial-of-service (DoS) attacks. As a result of cyber attacks occurring during networked information transmission, the security controller design for the underlying nonhomogeneous semi-Markov jump systems becomes significantly more complicated. Different from the existing self-triggered strategy, an adaptive self-triggered strategy is proposed to reduce the updating frequency of the controller by adjusting the on-line threshold. The main novelty lies in constructing an appropriate adaptive self-triggered strategy to realize better dynamic performance, overcoming the difficulty caused by DoS attacks. By using the algebraic relationship among transition probability, probability distribution function, and probability density function, the time-varying transition rate is expressed based on the semi-Markov process. According to adaptive self-triggered strategy and DoS attacks, stochastic stability conditions are established. Furthermore, the desired adaptive self-triggered controller gains are derived to realize the stochastic stability for the corresponding system. Finally, the boost converter circuit model is carried out to ensure the feasibility of the proposed theoretical results.

Kai Bu,Zhixin Sun

DOI: https://doi.org/10.1109/ICYCS.2008.324

2008-01-01

Abstract:The emergence of Distributed Denial of Service (DDoS) attack increases the destructive force of Denial of Service (DoS) attack drastically. Besides bringing more terrible threats, the attack from far and near and the employment of internet protocol (IP) spoofing make the abnormal traffic detection harder and harder. This paper proposes a mechanism defined as AMHI (Address Matching and Hash Inspection) and a method based on it for DDoS attacks detection and defense. Through the simulation experiment, the Address Matching and backup Hash Inspection operations to the suspicious traffic implemented on router interface for local subnet can detect and defend DDoS attacks effectively even when using IP Spoofing. In addition, this method can also decrease a mass of statistical work for the routers, and to some extent ease the pressure of heavy traffic caused by attacks.

pingping lin,xiaosong zhang

DOI: https://doi.org/10.1142/9789812799524_0074

2008-01-01

Abstract:Give a simple but practical scheme for detecting and defending against Distributed Denial of Service (DDoS), especially for Highly Distributed Denial of Service (HDDoS) attacks by monitoring the increase of new IP addresses. Unlike previous proposals, this proposal includes three modules: detecting, filtering, and illegal-packets analyzing. To improve the detection accuracy, we also proposed a simple but robust algorithm: sliding window algorithm. In the filtering module, a filter performs its tasks only during attacks. While the attack-packets-analyzing module uses a trap to analyze attack packets, perfects the defense system. Simulation results demonstrate the effectiveness of the proposed scheme under varieties of DDoS attack scenarios.

Hui Ge,Dong Yue,Xiangpeng Xie,Chunxia Dou,Shuzheng Wang

DOI: https://doi.org/10.1016/j.isatra.2019.11.014

Abstract:In this study, the effects caused by intermittent denial-of-service jamming attack (I-DoS-JA) on different communication channels and communication topology transformations have been deeply analyzed. According to the analyzation, each different communication topology is taken as a subsystem of switching system. Based on switching system, finite-time nonlinear system robust stability conditions are derived. Both the theoretical deduction and example simulation have corroborated that this approach has special effective in resisting the intermittent DoS attack.

Zhu Qiaohui,Liang Qipeng,Kang Yu,Zhao Yunbo

DOI: https://doi.org/10.52396/just-2020-1137

2021-01-01

JUSTC

Abstract:The strategy design and closed-loop stability of networked control systems under unbounded denial of service (DoS) attacks are probed. A multi-path switching protection strategy is firstly designed by noticing the usually available multiple paths in data communication networks. The strategy consists of a DoS attack detection module at the actuator side to identify DoS attacks from normal data packet dropouts, and a multi-path switching module at the sensor side to effectively switch the data transmission path when necessary. Then, the sufficient conditions for the closed-loop system being global mean square asymptotic stability are given, with a corresponding controller gain design method. Numerical examples illustrate the effectiveness of the proposed approach.

Luo Kun,Ren Jing,Wang Sheng,Li Le-Min

2010-01-01

Abstract:DoS(denial-of-service) attacks pose an immense threat to the Internet. Various defense mechanisms were proposed. Unfortunately, until now, there is no perfect solution. This paper proposes a new proactive defense mechanism of DoS attacks based on LISP (Locator Identifier Separation Protocol) network architecture. This mechanism can efficiently control the traffic rate in the network with little overhead. Simulation shows that DoS attacks could be limited effectively.

Dandan Li,Qianqian Cai,Damián Marelli,Wei Meng,Minyue Fu

DOI: https://doi.org/10.1109/tcyb.2023.3348192

IF: 11.8

2024-01-01

IEEE Transactions on Cybernetics

Abstract:This article studies the stability issue of networked switched systems (NSSs) under denial-of-service (DoS) attacks. To address this issue, the derived limitations imposed on both the frequency of DoS attacks on each subsystem and the upper limit of attack duration that each subsystem can tolerate are mode-dependent, which is more efficient and flexible than the current results for NSSs. Moreover, we reveal the relationship between the upper bound of the average maximum tolerable attack duration associated with the corresponding subsystem and the actual mode-dependent average dwell time. Furthermore, we identify that the total tolerable DoS attack duration as a percentage of the system runtime in this article can be higher than existing results. Finally, an example is given to demonstrate the effectiveness of our work.

automation & control systems,computer science, cybernetics, artificial intelligence

Chenxu Wang,Tony T. N. Miu,Xiapu Luo,Jinhe Wang

DOI: https://doi.org/10.1109/tifs.2017.2758754

IF: 7.231

2018-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Application layer distributed denial of service (DDoS) attacks have become a severe threat to the security of web servers. These attacks evade most intrusion prevention systems by sending numerous benign HTTP requests. Since most of these attacks are launched abruptly and severely, a fast intrusion prevention system is desirable to detect and mitigate these attacks as soon as possible. In this paper, we propose an effective defense system, named SkyShield, which leverages the sketch data structure to quickly detect and mitigate application layer DDoS attacks. First, we propose a novel calculation of the divergence between two sketches, which alleviates the impact of network dynamics and improves the detection accuracy. Second, we utilize the abnormal sketch to facilitate the identification of malicious hosts of an ongoing attack. This improves the efficiency of SkyShield by avoiding the reverse calculation of malicious hosts. We have developed a prototype of SkyShield and carefully evaluated its effectiveness using real attack data collected from a large-scale web cluster. The experimental results show that SkyShield can quickly reduce malicious requests, while posing a limited impact on normal users.

Fabin Cheng,Ben Niu,Ning Xu,Xudong Zhao

DOI: https://doi.org/10.1016/j.cnsns.2023.107689

IF: 4.186

2023-11-13

Communications in Nonlinear Science and Numerical Simulation

Abstract:In this paper, the problem of resilient distributed secure consensus control for uncertain networked agent systems under hybrid denial-of-service (DoS) attacks is investigated. The current situation is that there exists a cyber layer connecting the network control units and a physical layer with specific physical links in the networked agent systems. Both the communication networks connecting the two layers and within the cyber layer may be attacked by DoS maliciously. These two attack scenarios have different impacts on the networked system. The former focuses on updating the control inputs timely, while the latter influences the connection weight of the cyber communication topology. Firstly, a distributed security consensus framework is proposed for the case that updates of signals are destroyed by DoS attacks between two layers, in which an acknowledgement (ACK)-based attack detection and a recovery mechanism are introduced, and a self-triggered based distributed control protocol is designed. On the premise of avoiding Zeno behavior, the relationship between trigger intervals and DoS attack characteristics is revealed. Secondly, corresponding asynchronous switching topology method is developed for secure consensus of the networked systems when DoS attacks are launched within the cyber layer. In addition, we found that large signals jump during switching and triggering will generate pulses and affect system stability. Therefore, a saturation function is introduced to constrain the fluctuation range of the signal. Finally, the effectiveness of the design scheme is verified by the simulation results of multi-robot systems.

mathematics, applied, interdisciplinary applications,mechanics,physics, mathematical, fluids & plasmas

Jie Lian,Peilin Jia,Feiyue Wu

DOI: https://doi.org/10.1109/TCYB.2024.3470011

2024-10-15

Abstract:This article investigates the resilient control strategies of networked switched systems (NSSs) against denial-of-service (DoS) attacks and external disturbance. In the network layer, both the defender and the attacker allocate energy over multiple channels. Considering the impact of switching characteristic in the physical layer on the network layer, a dynamic regulating factor is proposed to adjust the total energy of the defender. To optimize the signal-to-interference-noise ratio and energy consumption simultaneously at each player's side, a multiobjective game problem is formulated. Furthermore, a nondominated sorting genetic algorithm framework is employed, incorporating the knee point selection mechanism to attain the Pareto-Nash equilibrium, based on which the optimal defense strategy can be derived to achieve resilience against DoS attacks. In the physical-layer, taking the dynamic packet loss caused by DoS attacks and external disturbance into account, an H∞ minimax controller containing control inputs and the switching signal is designed to guarantee the optimal performance for NSSs through the dynamic game-theoretic approach. Finally, the networked continuous stirred tank reactor system is provided to verify the effectiveness of the proposed method.

Qingtao Wu,Ruijuan Zheng,Jiexin Pu,Shibao Sun

DOI: https://doi.org/10.1109/ical.2009.5262668

2009-01-01

Abstract:Distributed Denial-of-Service (DDoS) attacks are a major threat to availability of Internet services and resources. We present an adaptive control mechanism that utilizes the Shewhart's control charts based-on network connection to aid in handling DDoS attacks. This mechanism is designed to prevent incoming traffic from exceeding a given threshold, while allowing as much incoming, legitimate traffic as possible. In addition, this mechanism focuses on requiring less demanding modifications to external routers and networks than other published distributed response mechanisms that impact the effect of DDoS attacks. The experimental results show the effectiveness of our scheme in early mitigating DDoS attacks.

Jun Bi,Ping Hu,Lizhong Xie

DOI: https://doi.org/10.1007/978-3-540-79549-0_26

2008-01-01

Abstract:Shim6 is an important multihoming solution. This paper studies shim6 from several perspectives, including shim6 protocol implementation, shim6 mechanism optimization and security enhancement. In order to provide a shim6 research platform, we implement shim6 protocol on the Linux 2.6 platform as one of the first reference implementations. Based on this research platform, we refine the shim6 address switching mechanism, which reduces shim6 address switching time greatly. In addition, we propose an enhanced shim6 security mechanism to defeat reflection-type DoS/DDoS attacks launched from the multihomed site, by preventing source address spoofing in the multihomed site.

shao jiawei,fan lei

DOI: https://doi.org/10.3969/j.issn.1007-757X.2016.02.004

2016-01-01

Abstract:The paper introduces a dynamic-network-structure-based network defense mechanism against Denial-of-Service attacks. On the basis of the elastic of configurations and resource allocations in cloud platforms, the system reallocates the affected clients to newly initialized backup servers with new secret network addresses, which makes them avoid being attacked. Since attackers may trace the migration of the clients under their control(insiders) to discover these new servers, the paper notices the relation between the shuffling results and the distribution of the insiders and introduces a client-shuffle-and-reallocation algorithm based on the results of every previous shuffle to isolate as many benign clients as possible from attackers. Simulations show that when resources are limited, the algorithm uses fewer shuffles to protect most of the benign clients than those of current researches, which proves the higher effectiveness of this algorithm.

Changhua Sun,Jindou Fan,Lei Shi,Bin Liu

2007-01-01

Abstract:Distributed Denial-of-Service (DDoS) attack remains a serious problem on the Internet today, as it takes advantage of the lack of authenticity in the IP protocol, destination oriented routing, and stateless nature of the Internet. Among various DDoS attacks, the TCP SYN flooding [1] is the most commonly-used one. It exploits TCP’s three-way handshake mechanism and TCP’s limitation in maintaining half-open connections. When a server receives a SYN packet, it returns a SYN/ACK packet and allocates resources (typically backlog queue in the system memory) to track the TCP state. Then the server would wait until either the half-open connection completes or the TCP connection times out. In the SYN flooding attack, the server will receive a large number of SYN packets but never receive the final ACK packets to complete the three-way handshake. Then the victim server’s backlog queue can be easily exhausted, causing all the new incoming SYN requests to be dropped. Furthermore, many other system resources, such as CPU and network bandwidth used to retransmit the SYN/ACK packets, are occupied. The most viable techniques [2] up-to-date to defend SYN floods include SYN cache [3] and SYN cookies [4]. SYN cache is to allocate minimal state when the initial request is received, and only allocate all the resources when the connection is completed. If the backlog queue is full, the oldest entry is removed. SYN cookies allocate no state for half-open connections. Instead, they encode most of the states and encrypt them into the sequence number transmitted in the SYN/ACK packet. The ACK packet that completes the handshake can be used to reconstruct the state to be put into the backlog queue. One problem with SYN cookies is not able to encode all the TCP options, and the other is that TCP protocol with SYN cookies would never retransmit the unacknowledged SYN/ACK packet. In addition, both of them do not handle application data piggybacked on the SYN segment, i.e., incompatible with Transactional TCP (T/TCP)

Xiang Chen,Hongyan Liu,Dong Zhang,Qun Huang,Haifeng Zhou,Chunming Wu,Qiang Yang

DOI: https://doi.org/10.1109/mnet.107.2100643

IF: 10.294

2022-01-01

IEEE Network

Abstract:Distributed denial-of-service (DDoS) attacks have long been the most severe and destructive attack on modern networks. Some solutions place several middleboxes that run security-oriented network functions (SNFs) in the network to defend against DDoS attacks. However, middleboxes are proprietary and fixed-function, making them costly and inflexible when handling attack dynamics. Another class of solutions exploits the capability of software-defined networking (SDN) and network function virtualization (NFV) to run virtualized SNFs on commodity servers. This reduces the cost of DDoS attack mitigation while enabling high flexibility by dynamically removing or adding SNF instances. However, this class of solutions sacrifices packet processing performance and incurs non-trivial end-to-end latency, which is unacceptable for many latency-sensitive internet services. Recently, the emergence of programmable switches brings a promising alternative solution: arbitrary SNFs can be directly performed in line-rate ASIC pipelines of programmable switches, enabling low-cost, flexible, and high-performance DDoS attack mitigation. In this article, we present an illustrative survey of recent solutions that leverage programmable switches to provide DDoS attack mitigation. Our survey can help understand how to make full use of the benefits of programmable switches to defend against DDoS attacks.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Xin Cheng,Zhiliang Wang,Shize Zhang,Jia Li,Jiahai Yang,Xinran Liu

DOI: https://doi.org/10.1109/globecom46510.2021.9685622

2021-01-01

Abstract:Distributed Denial of Service (DDoS) flooding attacks have been a severe threat to the Internet for decades. These attacks usually are launched by exhausting bandwidth, network resources or server resources. Since most of these attacks are launched abruptly and severely, it is crucial to develop an efficient DDoS flooding attack detection system. In this paper, we present Slider, an online sketch-based DDoS flooding attack detection system. Slider utilizes a new type of sketch structure, namely Rotation Sketch, to effectively detect DDoS flooding attacks and efficiently identify the malicious hosts. Meanwhile, Slider also learns the characteristics of the current network during the time specified by the network operator to periodically update the parameters of its detection model. We have developed a prototype of Slider and the evaluation results on real-world traffic and public DDoS/DoS attack datasets demonstrate that Slider can effectively detect various DDoS flooding attacks with high precision and robustness.

Fan Yang,Zhou Gu,Engang Tian,Shen Yan

DOI: https://doi.org/10.1049/iet-cta.2020.0536

IF: 2.67

2020-12-01

IET Control Theory and Applications

Abstract:This study addresses the event-based control of networked switched systems subject to cyber attacks. A novel mode-based event-triggered mechanism is proposed, which is capable of characterising non-periodic denial-of-service (DoS) attacks. A switching control law is employed in each subsystem to weaken the negative effects caused by DoS attacks. The time sequences of system switchings, event triggerings and intermittent DoS attack behaviours are fully investigated, which yields a resultant closed control system. Then, by using piecewise Lyapunov functional methods, sufficient conditions are formulated to guarantee the concerned system exponentially stable. Meanwhile, the co-design methods for switching controllers and event-triggering parameters can be developed. Finally, a numerical simulation example and a practical example of a second-order oscillating circuit are presented to verify the proposed methods.